Office (OLE) / .XLS malware analysis — malicious · 70dab36628b98da7

MALICIOUS

Office (OLE) / .XLS

71.5 KB Created: 2008-10-29 09:27:58 Authoring application: Microsoft Excel

MD5: f06e882963669d873f13d35db170a8e4 SHA-1: 774557ce7bfe96c6e5de34028ef750c2c6034502 SHA-256: 70dab36628b98da7f0d0af206250193ffca7e66f2ca63f05de9a6c4612abb810

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The sample is an Excel spreadsheet containing a formula macro virus, identified by the 'OLE_XLS_FORMULA_MACRO_VIRUS' heuristic. The document body presents a seemingly legitimate price quote, likely a lure to trick the user into enabling macros. The embedded script comments explicitly mention 'Excel Formula Macro Virus', 'Poppy by VicodinES', and 'The Narkotic Network 1998', indicating a known malware family. The script also details actions like infecting a workbook and saving it as 'Book1.xls' in the 'xlstart' directory, suggesting an attempt at persistence and payload delivery.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.