Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 5c7e9fb50ff83ec0…

MALICIOUS

Office (OLE)

File size: 592.5 KB
Created: 2002-06-03 02:00:04
Authoring application: Microsoft Excel
First seen: 2015-09-20
MD5: 226eecc547c997e474d66549fb62f1d0
SHA-1: e4c12a3d9b4a754bc230551611a5b27e998fb3b5
SHA-256: 5c7e9fb50ff83ec06e1f1e6461c80bd54faab107850a4ff53e48ed9cec4c9c5b
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing for OLE_XLS_FORMULA_MACRO_VIRUS, along with the embedded text referencing "Excel Formula Macro Virus", "Poppy by VicodinES", and "The Narkotic Network 1998", strongly suggests this is a macro-based threat. The file appears to be designed to infect other Excel workbooks by copying itself into the XLSTART directory, potentially leading to widespread infection or further payload delivery.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.