Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 6006a644daa3326b…

MALICIOUS

Office (OLE)

Size: 742.5 KB
Created: 2008-03-24 16:30:17
Authoring application: Microsoft Excel
First seen: 2015-09-30
MD5: 89714c1fe9911962c96700be2c4eaf80
SHA-1: 1f29b35a186b1edd997b43aca7d7e7e7131800a1
SHA-256: 6006a644daa3326bf2b0d0e5b617a456cbd5794f0b3e3b60d5bae67988c73a61
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel file identified as a legacy Excel formula macro virus. The 'OLE_XLS_FORMULA_MACRO_VIRUS' heuristic fired on markers such as 'Poppy by VicodinES' and 'Narkotic Network', which suggests it may be related to older malware families. The document body contains financial and accounting-related text, which is typical for business compromise or phishing lures.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.