Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 8a01465bb7eae134…

MALICIOUS

Office (OLE)

Size: 713.5 KB
Created: 2004-07-28 13:44:20
Authoring application: Microsoft Excel
MD5: 246d451bbf1feef78f13721b6bb407b0
SHA-1: 6cb57afc2001b4f5d59eb2db340ba61f5bd6d558
SHA-256: 8a01465bb7eae13466be5a5e88b042de0f0c30a01f27d3c9538df51fc5022d5f
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is an Excel document flagged as a legacy macro virus. The document body lists various fees and services, which suggests it may serve as a lure for financial scams or as cover for malicious intent. The presence of specific markers such as 'Excel Formula Macro Virus', 'XF.Classic', 'Poppy by VicodinES', and 'Narkotic Network' strongly indicates a known type of legacy macro-based threat.

Heuristics 1

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.