Office (OLE) / .XLS malware analysis — malicious · 6558e73495c8e032

MALICIOUS

Office (OLE) / .XLS

2.03 MB Created: 2003-11-22 06:04:53 Authoring application: Microsoft Excel

MD5: ae402bc09d06de5266196feef84be29a SHA-1: 7a8cc980e91b8efb08f3da800ac89228d931c26e SHA-256: 6558e73495c8e0329ae4957a820a847573990e9ad1fe9b826633f2a440922fe7

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an Excel file identified as a legacy Excel formula macro virus. The document body contains strings like 'Classic.Poppy by VicodinES' and 'An Excel Formula Macro Virus (XF.Classic)', indicating it's designed to leverage old macro techniques. The heuristic firing 'OLE_XLS_FORMULA_MACRO_VIRUS' confirms this, suggesting the file aims to execute embedded macro code, likely to download and run additional malicious content.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.