Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 5f4a4ce61a0dc69d…

MALICIOUS

Office (OLE) / .XLS

Size: 623.0 KB | Created: 2002-01-18 02:38:26 | Authoring application: Microsoft Excel
MD5: 806b0408036eefdc1f7f2bd0804031a7
SHA-1: df1bc7906079f256ff0be71a04c416855ed6a009
SHA-256: 5f4a4ce61a0dc69dc1cfc24febf0ca0ec9f626dbdc54b9f7874b40d8aaf4c44c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic that fired identifies this file as a legacy Excel formula macro virus, specifically 'Classic.Poppy by VicodinES' and 'XF.Classic'. The embedded text contains macro virus markers and the string 'Add New Workbook, Infect It, Save It As Book1.xls', suggesting a mechanism for spreading or executing further malicious actions. The virus appears to be designed to infect other Excel workbooks.

Heuristics (1)

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.