Poppy — Office (OLE) malware analysis

Static analysis result for SHA-256 94dce09295c731e8…

MALICIOUS

Office (OLE)

Size: 636.5 KB
Created: 1996-12-17 01:32:42
Authoring application: Microsoft Excel
MD5: 40c0f0e89c702f9c5e2a9ab9c78431c9
SHA-1: 5abce5829bbb275a1da9cf4f1e06a97c6a7616b2
SHA-256: 94dce09295c731e8bbc8d76352d7aa7e52717add4a413e14427c753227cc4844
Risk Score: 60

Malware Insights

Poppy · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is identified as a legacy Excel 4.0 macro virus, specifically the 'Poppy' variant. This type of malware typically executes malicious formulas embedded within the spreadsheet. The 'OLE_XLS_FORMULA_MACRO_VIRUS' heuristic fired on this file, which strongly indicates this malicious behavior.

Heuristics 1

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.