Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 607cb1742eb43cd2…

MALICIOUS

Office (OLE)

978.0 KB Created: 2001-10-25 01:35:04 Authoring application: Microsoft Excel
MD5: 1c11a1c4e1f14b2cbfa76bd853e559cf SHA-1: 3919cdd0c0d06f385becd4876018e764f18423e6 SHA-256: 607cb1742eb43cd2eac62b5f993c4e0ad4a7a2d2330281a4a29c785918dbb830
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing directly identifies this file as a legacy Excel formula macro virus, specifically 'Poppy' or 'XF.Classic'. The embedded text confirms this, mentioning 'An Excel Formula Macro Virus (XF.Classic)' and 'Poppy by VicodinES'. The virus appears to be designed to infect other Excel files, saving them as 'Book1.xls', and potentially delivering a payload described as 'Hydrocodone/APAP 10-650 For Your Computer'.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.