Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 6a983d6690a20cb9…

MALICIOUS

Office (OLE)

Size: 1.98 MB
Created: 2009-04-11 07:55:28
Authoring application: Microsoft Excel
MD5: 2642121e089287cec997b3077d18d54a
SHA-1: ef7bef7b043c357f5a2fcdaf32b25032d037618d
SHA-256: 6a983d6690a20cb9efe454bc21e5f12e6d5fd8911d5b6422e6b3de4fb8ab4c5f
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample was identified as a legacy Excel formula macro virus, specifically 'Poppy' by VicodinES, which is known to infect other Excel workbooks. The document body contains strings and references indicative of this type of macro-based threat. The presence of 'XL4Poppy' and 'Classic.Poppy by VicodinES' in the extracted data strongly suggests its nature and origin.

Heuristics 1

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.