XF.Classic — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 8e610bffdb30b357…

MALICIOUS

Office (OLE) / .XLS

Size: 440.5 KB
Created: 1999-01-11 09:54:29
Authoring application: Microsoft Excel
MD5: 11c7d72ebe931d5b5d0c2e6cb8b42434
SHA-1: 37a5c9d8999564b5eb547161c228aa55b405b7a2
SHA-256: 8e610bffdb30b3576349aad5177f57fdf01a754a73b7a77123c6dbaa8cc3de71
Risk Score: 60

Malware Insights

XF.Classic · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified as a legacy Excel 4.0 macro virus, specifically 'XF.Classic' by 'VicodinES' and 'The Narkotic Network'. The embedded text explicitly mentions 'An Excel Formula Macro Virus (XF.Classic)' and 'Hydrocodone/APAP 10-650 For Your Computer', indicating its nature and a potential lure. The virus's payload involves infecting other workbooks and saving them as 'Book1.xls'.

Heuristics (1)

  • Legacy Excel formula macro virus marker · critical · OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.