Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 76ce2bd919932ff0…

MALICIOUS

Office (OLE) / .XLS

Size: 39.5 KB
Created: 2005-10-16 08:53:23
Authoring application: Microsoft Excel
MD5: 7fadae2e72cca28d7b76651297248fc6
SHA-1: 7fe0271867744c0e66b31a132b13b2cc30b34730
SHA-256: 76ce2bd919932ff0628e88ab55c6467e53542eb6e15c044aba6f69bb9a402efa
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly indicates this is a legacy Excel formula macro virus, specifically identified as 'Classic.Poppy' by 'VicodinES' and associated with 'The Narkotic Network'. The document body contains strings like 'An Excel Formula Macro Virus (XF.Classic)' and 'Hydrocodone/APAP 10-650 For Your Computer', further confirming its malicious nature and providing a potential clue to its origin or theme. The presence of a path pointing to 'xlstart\Book1.' suggests an attempt to infect new workbooks upon opening.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.