Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 636143f192dfae0c…

MALICIOUS

Office (OLE) / .XLS

1.21 MB
Created: 2010-06-22 10:07:32
MD5: 1cf4e21c1a68777f238b75becb9697f1
SHA-1: 5c87c394bb70663d35b6d9690c6705edd5e8f354
SHA-256: 636143f192dfae0c2f5ec988e1ebe428c800803a662f170ef0ea3bb14789b0ca
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an XLS file on which a critical heuristic fired, indicating that it is a legacy Excel formula macro virus. The heuristic names 'Poppy by VicodinES' and 'Narkotic Network' suggest a known family or variant. The document body contains a list of Vietnamese company names and codes, which may be part of a lure or obfuscation.

Heuristics (1)

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.