Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 65624e2e68aef73a…

MALICIOUS

Office (OLE)

File size: 103.5 KB
Created: 2012-12-06 01:48:37
Authoring application: Microsoft Excel
First seen: 2016-06-30
MD5: f9e49c1a844c0b9ca259f6f9dc964d52
SHA-1: dbf0700228513df4dd7d33271677a92cffa723e9
SHA-256: 65624e2e68aef73a5a0984ad6d3500efdba878ad8713a5217d76c00f0145ee3d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The 'OLE_XLS_FORMULA_MACRO_VIRUS' heuristic fired, which indicates the presence of a legacy Excel formula macro virus, commonly known as Poppy. The document body contains strings related to infecting workbooks and saving them as 'Book1.xls' in the Excel startup directory, suggesting an attempt to achieve persistence or spread.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.