Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 8d1f8e70f6050a5f…

MALICIOUS

Office (OLE)

361.0 KB
Created: 2003-10-16 05:21:03
Authoring application: Microsoft Excel
MD5: 5a97fde4d5b3476e8eb9654fae76799a
SHA-1: 50a1e284b087e740e9ff1261c02849e5a73c8a04
SHA-256: 8d1f8e70f6050a5f5f5aa670a64e7545c449d04322472f3450f63204a00501ae
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The sample is identified as a legacy Excel formula macro virus, specifically 'Classic.Poppy by VicodinES' and 'XF.Classic'. The embedded text indicates its purpose is to infect other workbooks, as evidenced by the phrases 'Add New Workbook, Infect It, Save It As Book1.xls' and 'Infect Workbook'. The virus appears to be part of the 'Narkotic Network' and was created by 'VicodinES'.

Heuristics 1

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.