Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 5c3e7d40afc536ae…

MALICIOUS

Office (OLE) / .XLS

629.5 KB Created: 1999-03-12 07:08:30 Authoring application: Microsoft Excel
MD5: cdebdcf8c5802e895b67777b3ee9b38d SHA-1: 27affbbd5ebd320d4742f9429dcf1fc8325f4565 SHA-256: 5c3e7d40afc536ae4ea6fbc53b4642c1634a7a88b042cf966a7c12b4a1644e43
68 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel spreadsheet containing embedded markers indicative of a legacy Excel Formula Macro Virus, specifically 'Classic.Poppy by VicodinES' and 'XF.Classic'. The document body contains text that appears to be a mix of invoice-like fields and the virus's own descriptive text, suggesting a malicious intent to infect or spread.

Heuristics 2

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Fake invoice / payment lure low SE_INVOICE_LURE
    Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators

Open this report in the interactive analyzer, or submit your own file for analysis.