Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 60354806c81f04b7…

MALICIOUS

Office (OLE)

273.0 KB Created: 2010-07-08 03:44:22 Authoring application: Microsoft Excel First seen: 2015-06-23
MD5: b3f6ba8dc01a6e08b417164a0384d6b3 SHA-1: fb62dd945377abf66d4c870a702e8fdaf80351df SHA-256: 60354806c81f04b7580284649a801b9b104d5c4b55c1e9f27fef41b5f1df37c0
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing 'OLE_XLS_FORMULA_MACRO_VIRUS' directly identifies this file as a legacy Excel formula macro virus, specifically mentioning 'Poppy by VicodinES' and 'XF.Classic'. The document body contains strings related to infection routines and payload markers, suggesting its intent is to spread and execute malicious code. No specific family could be confidently identified beyond its nature as a formula macro virus.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.