Office (OLE) / .XLS malware analysis — malicious · 918ba10ed64e90f6

MALICIOUS

Office (OLE) / .XLS

1.35 MB Created: 2010-01-29 15:08:59 Authoring application: Microsoft Excel

MD5: 49b8fff9adc75db0c3a5e9e544078a1f SHA-1: f866ebdc61cb103a67c52239927aecb3cc61f73a SHA-256: 918ba10ed64e90f619023821de35f8e7f5145e2b00a227eb664c1add118f1382

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The sample is an Excel 4.0 macro-enabled spreadsheet. Heuristics indicate the presence of legacy Excel macro virus markers, specifically mentioning 'Poppy by VicodinES' and 'The Narkotic Network'. The document body, presented as a student grade report, contains references to 'lan 4.xls' and 'Book1.xls', suggesting these are target files for infection or execution. The macro's intent appears to be the infection and saving of a workbook, likely as a downloader or dropper.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.