Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 6cf221e9c02a1ded…

MALICIOUS

Office (OLE)

Size: 629.0 KB
Created: 2002-02-22 17:34:31
Authoring application: Microsoft Excel
MD5: e4ef82c77997c9aa5137a87478d76af1
SHA-1: 45760250a76268bf66ef37584b6e4e8e99694ccc
SHA-256: 6cf221e9c02a1ded7c9aa8999d59f7b5735049f62faf78f115b3b7051d4edc3e
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1059.005 Command and Scripting Interpreter: Visual Basic

The file is an Excel spreadsheet whose visible content appears to be financial data and expense categories. A critical-severity heuristic fired on the Workbook stream, identifying it as a legacy Excel formula (XLM) macro virus; the markers found reference 'Poppy by VicodinES' and 'Narkotic Network'. This indicates the file is built to execute malicious formula macros on open, most likely to download further payloads or establish persistence. The additional marker 'XL4Poppy' reinforces the assessment that the threat is macro-based.

Heuristics (1)

  • Legacy Excel formula macro virus marker
    Severity: critical
    Rule ID: OLE_XLS_FORMULA_MACRO_VIRUS
    The Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.