Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 888d2335808747b4…

MALICIOUS

Office (OLE) / .XLS

Size: 3.25 MB
Created: 2006-03-20 08:41:27
Authoring application: Microsoft Excel
MD5: 25531333d982f98bda18091117e61a12
SHA-1: d8e402bcecadbcc36820e795479fe3fcde2aa47c
SHA-256: 888d2335808747b464814ed51c7d92ee3d196b39905188bfd83a6f447a068d10
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample triggers a critical heuristic for a legacy Excel formula macro virus, specifically mentioning 'Poppy by VicodinES' and 'Narkotic Network'. The document body contains embedded strings and comments indicating the intent to infect other workbooks, such as 'Add New Workbook, Infect It, Save It As Book1.xls' and references to 'xlstart\Book1.xls'. This suggests the macro attempts to spread itself to other Excel files within the startup directory.

Heuristics (1)

  • Legacy Excel formula macro virus marker (critical; OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.