Office (OLE) / .XLS malware analysis — malicious · 83330ec253d293e1

MALICIOUS

Office (OLE) / .XLS

3.14 MB Created: 2005-01-25 04:23:55 Authoring application: Microsoft Excel

MD5: 8b6f96bee1c6ae5458d9b90c5a5cba6e SHA-1: 71276c302385dbaf9cda54421a8924aae423d045 SHA-256: 83330ec253d293e1f6b9982d9dd2b15473e2c94fba1fc04d2a7d5de16d4dab3e

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications T1059.001 PowerShell

The critical heuristic firing indicates the presence of a legacy Excel Formula Macro Virus, specifically mentioning 'Poppy by VicodinES' and 'Narkotic Network'. This suggests the file is designed to execute malicious code via Excel 4.0 macros. The document body appears to be unrelated financial or project data, likely a lure. No URLs or specific script content were extracted to further detail the payload delivery or execution.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.