Malicious Office (OLE) / .EF — malware analysis report

Static analysis result for SHA-256 6322e5d6f56b95f1…

MALICIOUS

Office (OLE) / .EF

Size: 1.86 MB
Created: 2010-08-31 08:39:10
Authoring application: Microsoft Excel
MD5: aef04bbd41ae3360687e250a53c09e28
SHA-1: 94ec83d89843b5a8073ce5fce4b3710d11f56e8f
SHA-256: 6322e5d6f56b95f1ff9d1d79b07f8c4643e488e6b357f576cda0043070f23eb6
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic that fired indicates the presence of a legacy Excel formula macro virus, specifically mentioning 'Poppy by VicodinES' and 'The Narkotic Network 1998'. The document body confirms this, referencing 'Classic.Poppy by VicodinES' and 'An Excel Formula Macro Virus (XF.Classic)', along with a path that suggests it attempts to infect other Excel files. The macro likely executes a malicious payload, as indicated by the 'Simple Payload' and 'Infect Workbook' sections.

Heuristics (2)

  • Legacy Excel formula macro virus marker (critical; OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Excel 4.0 (XLM) macro sheet present (medium; OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream. XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.