Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 72fec8623a3d2e16…

MALICIOUS

Office (OLE) / .XLS

File size: 37.5 KB
Created: 2010-07-02 03:36:46
Authoring application: Microsoft Excel
MD5: cb5305ad02af487b13ba2f3ca7d63331
SHA-1: 1aeac7b409fc9f170fba7b750ae0a0af1ed2a1c5
SHA-256: 72fec8623a3d2e16b19ba4e409844fd6d416c9af83bd0c5e4b9daccc2bbb48ca
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic that fired indicates this is a legacy Excel formula macro virus, specifically identified as 'Poppy' and 'XF.Classic' by 'The Narkotic Network'. The document body contains strings related to infection routines, such as 'Add New Workbook, Infect It, Save It As Book1.xls' and 'Infect Workbook', suggesting it aims to spread to other Excel files. The presence of 'C:\Program Files\Microsoft Office\OFFICE11\xlstart\Book1.' further supports this infection and persistence mechanism.

Heuristics (1)

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.