Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 84969fddd13b229b…

MALICIOUS

Office (OLE)

Size: 32.1 KB
First seen: 2015-05-10
MD5: 91951b168f4e3d42a4cdea345d739e22
SHA-1: bad0fe7f2dcde81b8faefc5ff53ee652425cb572
SHA-256: 84969fddd13b229b3e7457f5db4a4497a4cbe48afc23476213d691d5c7330898
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified as a legacy Excel formula macro virus, with embedded text specifically mentioning 'Poppy by VicodinES' and 'The Narkotic Network 1998'. The embedded text also indicates an attempt to infect other Excel workbooks, specifically targeting 'Book1.xls' in the 'xlstart' directory, which suggests a mechanism for persistence or further infection.

Heuristics (1)

  • [critical] Legacy Excel formula macro virus marker (OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.