Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 8dcd48c4f6d1da8f…

MALICIOUS

Office (OLE) / .XLS

Size: 441.0 KB
Created: 2010-06-17 06:47:20
Authoring application: Microsoft Excel
MD5: 374ee67e4662bacfc2ed4c772de87f7a
SHA-1: d9bc21675a10640f7ef2b1e30ee6b8d846fa8ba4
SHA-256: 8dcd48c4f6d1da8f96e2f8c0dfac8c81fd71529b857a3cb1c8ff8e45b709fbfa
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is identified as a legacy Excel formula macro virus, specifically 'XF.Classic' or 'Poppy by VicodinES'. The document body contains text related to business processes but also includes embedded strings and comments referencing the virus name and its origins. The presence of 'Auto and On Sheet Starts Here' and 'Infect Workbook' strongly suggests the macro's intent is to infect other Excel workbooks.

Heuristics (1)

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.