Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 78bb772e233efc80…

MALICIOUS

Office (OLE)

Size: 713.5 KB
Created: 2004-07-28 13:44:20
Authoring application: Microsoft Excel
MD5: 232881c223826a2d2f98eb1ccb4f2077
SHA-1: afd9d62190f2dbea35ba68457a1fd187813eb572
SHA-256: 78bb772e233efc80efa6d2a25eb765230ac40d18c7d7cbfb042f0aaa7a22af82
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly indicates the presence of a legacy Excel formula macro virus, known as Poppy. The document body, while appearing to be a financial report, contains numerous sheet names that are likely related to the macro's functionality. The file's metadata indicates it is an Excel file, further supporting the macro-based attack vector. No scripts were extracted, but the heuristic firing is sufficient for attribution.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.