Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 89ba5be68f4bcd5d…

MALICIOUS

Office (OLE) / .XLS

Size: 363.5 KB
Created: 2009-04-18 02:17:36
Authoring application: Microsoft Excel
MD5: deda096e22e9483a90252e26ed411a61
SHA-1: 1fea4c0089ecda4f63776fc8e603256480fd79d8
SHA-256: 89ba5be68f4bcd5d786a64cc92a18ac5c2d4f59236439de173fedd79761a2af2
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is an Excel spreadsheet containing what appears to be a price list for electrical cables. A critical heuristic firing indicates the presence of a legacy Excel formula macro virus, specifically mentioning 'Poppy by VicodinES' and 'Narkotic Network'. This suggests the document is designed to deliver a malicious macro payload, likely for older Excel versions.

Heuristics 1

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.