Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 71b6ed4d1b36e957…

MALICIOUS

Office (OLE) / .XLS

Size: 620.0 KB
Created: 2002-01-18 02:38:26
Authoring application: Microsoft Excel
MD5: 0a290a8f833489ca8b3649dc2f03d5f7
SHA-1: ea378a6628edd0e015e4c65b8cae6b9820620e5f
SHA-256: 71b6ed4d1b36e957867b8a5f79ac8cd131c19c4441245dad24f5521c8b165814
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified as a legacy Excel formula macro virus, specifically 'Classic.Poppy by VicodinES' and 'XF.Classic' from 'The Narkotic Network'. It contains VBA code that attempts to infect other workbooks and save itself as 'Book1.xls' in the Excel startup directory.

Heuristics 1

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.