Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 74a34cb46038b05b…

MALICIOUS

Office (OLE) / .XLS

Size: 556.0 KB
Created: 2010-04-06 08:06:09
Authoring application: Microsoft Excel
MD5: 24561d8d1edd62b225784ab7b6717f2c
SHA-1: 96436a1c0e91b75bdc28bbbe19392f215a740c52
SHA-256: 74a34cb46038b05bb42827c65dc0967badbf1c1e8bbdae772767dcfeb1bc4bb1
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is identified as a malicious Excel 97-2003 Workbook (OLE) containing a legacy Excel formula macro virus, specifically 'XF.Classic' attributed to 'The Narkotic Network' and 'VicodinES'. The document body text mimics official-looking training material from a Vietnamese vocational college, suggesting a spearphishing attachment delivery method. The presence of 'XLSTART\Book1.xls' indicates an attempt to establish persistence or auto-execution within Excel's startup directory.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.