Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 7df6f342ececdf05…

MALICIOUS

Office (OLE)

Size: 2.96 MB
Created: 2004-08-31 03:04:36
Authoring application: Microsoft Excel
MD5: 1c72d72e2872e2584074f364bff9a2f3
SHA-1: b6d4570b667ba6e64ca6f3b0ddd49cd045a31655
SHA-256: 7df6f342ececdf0507a81e074d6f96700e9be764caf2d6352232ea7e943cf00c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' fired, indicating that this Excel file contains a legacy formula macro virus, specifically identified as 'Classic.Poppy by VicodinES' and associated with 'The Narkotic Network'. The document body contains strings related to this virus, including its name and author. This suggests the file's primary purpose is to use this known macro virus for malicious execution.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.