Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 9458463391ecdb9b…

MALICIOUS

Office (OLE) / .XLS

File size: 4.31 MB
Created: 2005-01-07 04:41:56
Authoring application: Microsoft Excel
MD5: 7b2ba5c505dab35185805597e4fafb12
SHA-1: 9fa089b23e3ec4b292ca00233764403438e7bb0a
SHA-256: 9458463391ecdb9b4122d8b66f1903b8ef503dadea400ee2312f0f217bdeeb76
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is identified as a legacy Excel 4.0 macro virus, specifically referencing 'Classic.Poppy by VicodinES' and 'The Narkotic Network'. The presence of 'Auto and On Sheet Starts Here' and the infection logic described in the document body indicate that the macro is designed to infect other Excel workbooks, particularly by placing a copy in the startup folder ('xlstart\Book1.'). This suggests a self-propagating mechanism within Excel environments.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.