Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 7143d6619440decc…

MALICIOUS

Office (OLE) / .XLS

Size: 473.0 KB
Created: 2004-06-02 02:25:24
Authoring application: Microsoft Excel
MD5: bd769dbc98cd93de6f124f1bc0d71cc7
SHA-1: c6ed103ef5d8f17f9a8e1a44d59059fdc21eb4ab
SHA-256: 7143d6619440deccfd0106d67435ce0429b0bd9b48812db24667050715c06962
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel 97-2003 workbook by the 'OLE_XLS_FORMULA_MACRO_VIRUS' heuristic, which specifically flags the 'Classic.Poppy' variant by 'VicodinES' and 'The Narkotic Network'. The document body contains text referencing this virus and its infection mechanism, including a path that suggests an attempt to infect or save to the 'xlstart' directory. This indicates a macro-based attack aiming to spread and potentially execute further malicious code.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.