Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 7221d3b7ecd1c3d2…

MALICIOUS

Office (OLE)

Size: 1.10 MB
Created: 2008-01-21 08:47:21
Authoring application: Microsoft Excel
MD5: da445a43a82653bbcb1457c6a6f797bd
SHA-1: f7242db28e2cb2066ced62f7958f08881472485d
SHA-256: 7221d3b7ecd1c3d2f13150e867dd6da6dcb7fd3b8131d5c144e094076274f23e
Risk Score: 68

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel spreadsheet containing a legacy Excel formula macro virus marker, specifically identifying it as 'Poppy by VicodinES'. While the VBA project itself contains no executable statements, the presence of the formula macro virus marker indicates a high likelihood of malicious intent, likely to execute arbitrary code or download further payloads. The document body contains what appears to be financial or organizational data, potentially used as a lure.

Heuristics (2)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • VBA project contains no executable statements (severity: low, rule: OLE_VBA_MACROS)
    Document contains a VBA project, but the extracted modules contain only attributes, options and comments, and no executable statements.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
SHA-256: 894ab84e4c03b0c16039e8b42c431c65c23b76a18a397227a99886d6400da4bf
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 3617 bytes