Office (OLE) malware analysis — malicious · 66dcb90429a5ea9f

MALICIOUS

Office (OLE)

141.0 KB Created: 1996-12-17 01:32:42 Authoring application: Microsoft Excel First seen: 2015-09-17

MD5: 28394d08117496a446179231c4206e00 SHA-1: 5daa9e9be2191734674075e37aeecae4f639512a SHA-256: 66dcb90429a5ea9fedd10f55262518437c5e06edaef02875fac0b9881d47b4bd

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is identified as a malicious Excel 4.0 macro sheet by critical heuristics, specifically flagging legacy Excel formula macro virus markers like 'XF.Classic' and 'Poppy by VicodinES'. The document body contains strings related to these viruses and mentions 'Hydrocodone/APAP 10-650 For Your Computer', suggesting a potential lure or payload component. The presence of XLM macros indicates an attempt to execute arbitrary code within Excel.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.