Malicious Office (OLE) / .X — malware analysis report

Static analysis result for SHA-256 7a9b12369a73d46e…

MALICIOUS

Office (OLE) / .X

Size: 1.08 MB
Created: 2004-06-14 14:33:30
MD5: f10bf99748e048bbf487a4d25789536d
SHA-1: 61aede9e6b44dc7d471fd2cf30df5678928b0e24
SHA-256: 7a9b12369a73d46e307569a881ce96efa18c134d5c644ea945e4b8aedf6b7098
Risk Score: 180

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file exhibits critical heuristic firings indicating the presence of legacy Excel 4.0 (XLM) macros, specifically related to Auto_Open functionality and known macro virus markers like 'Poppy' and 'Narkotic Network'. These macros are designed to execute malicious code upon opening the document, likely for further exploitation or payload delivery.

Heuristics (3)

  • Excel 4.0 (XLM) Auto_Open + macro sheet [critical] OLE_XLM_AUTOOPEN
    Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet: the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Legacy XLM macro-virus family marker [critical] OLE_XLM_LEGACY_MACRO_VIRUS
    Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.