Office (OLE) / .XLS malware analysis — malicious · 6b675d83437069de

MALICIOUS

Office (OLE) / .XLS

1.51 MB Created: 2009-10-21 01:55:26 Authoring application: Microsoft Excel

MD5: 39f3b7a46dfb5151bc7c7286948346ad SHA-1: 587ce4f1dd08c465920e1a683ef13e8f18e6024b SHA-256: 6b675d83437069de314263242e72014731f60f008fb4a16202d62ff34e20714c

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The critical heuristic firing indicates a legacy Excel formula macro virus marker, specifically mentioning 'Poppy by VicodinES'. The presence of XLM macros (Excel 4.0) suggests an attempt to execute malicious code upon opening. The document body, while appearing to be employee data, is likely a lure to disguise the malicious nature of the spreadsheet.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.