Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 7ddee802b48593a5…

MALICIOUS

Office (OLE) / .XLS

Size: 315.0 KB
Created: 2006-03-17 00:49:40
Authoring application: Microsoft Excel
MD5: c72ddd0e48a222efd1f6f05fb9312747
SHA-1: 9886eac3468c7f888d0038878c4e0ca5c5b60e66
SHA-256: 7ddee802b48593a586d5a39d5d452ad0600233f914e89c1bd15d626c504ac5f7
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic that fired indicates that this is a legacy Excel formula macro virus, specifically identified as 'Classic.Poppy' by 'VicodinES' and associated with 'The Narkotic Network'. The document body contains embedded strings and comments that explicitly describe its function: infecting other workbooks and saving them as 'Book1.xls' in the 'xlstart' directory, which suggests a propagation mechanism.

Heuristics (1)

  • Legacy Excel formula macro virus marker (critical): OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.