Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 761d466889779157…

MALICIOUS

Office (OLE) / .XLS

File size: 697.0 KB
Created: 2010-08-09 01:24:58
Authoring application: Microsoft Excel
MD5: d8eed3a1a8765fbce7be8ae98373bd3f
SHA-1: 0c4287aa1a25742e73f4d3eb4bf7a2a7c1ddc351
SHA-256: 761d46688977915720a663f2ae0fec0f63585f58ced9f70f80a43ff285be3357
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates this is a legacy Excel formula macro virus, specifically identified as 'XF.Classic' and associated with 'Poppy by VicodinES' and 'The Narkotic Network'. The document body contains VBA-like comments referencing infection routines and a payload, alongside what appears to be a legitimate price quote for windows, likely serving as a lure. The virus aims to infect other workbooks and potentially execute a payload.

Heuristics (1)

  • Legacy Excel formula macro virus marker [critical] (OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.