Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 61d50af2693cad2b…

MALICIOUS

Office (OLE)

Size: 512.0 KB
Created: 2010-03-15 21:52:27
Authoring application: Microsoft Excel
MD5: c46736fd20bb13edcd76b1ca40d1ce45
SHA-1: f310a248527ea308f404be848380244da9aa966c
SHA-256: 61d50af2693cad2b89b378833d3107a2c5e5959d25df387c691fa3b50cb96975
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified as a legacy Excel formula macro virus, specifically 'Classic.Poppy by VicodinES' from 'The Narkotic Network'. The embedded text indicates it attempts to infect other workbooks, saving them as 'Book1.xls' in the Office startup directory, and includes markers associated with known macro viruses.

Heuristics (1)

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.