Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 89beb2f6da3d67bb…

Verdict: MALICIOUS
File type: Office (OLE)

Size: 834.0 KB
Created: 2000-01-03 17:31:20
Authoring application: Microsoft Excel
MD5: 2007cbf1ecbd07aa946a920f616ebab1
SHA-1: f6787c5b592a6a3d8b682c03025a0dbb33ac7baa
SHA-256: 89beb2f6da3d67bb358751ea466ca35ddcf337da38be910de495ccfaf6a43e2a

Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The sample is an Excel file containing legacy Excel 4.0 macros, identified by the 'OLE_XLS_FORMULA_MACRO_VIRUS' heuristic. The embedded text explicitly mentions 'Excel Formula Macro Virus (XF.Classic)' and 'Classic.Poppy by VicodinES', indicating a known type of macro-based threat. The script's intent appears to be infecting other workbooks, specifically saving infected copies as 'Book1.xls', which is a common technique for macro viruses to spread.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.