Office (OLE) / .XLS malware analysis — malicious · 97137aef82c18298

MALICIOUS

Office (OLE) / .XLS

80.5 KB Created: 2003-10-09 06:28:09 Authoring application: Microsoft Excel

MD5: 2b5f8129d036300baa5882b53cf1e5a3 SHA-1: a77460a9ecb68fb38a6140ff2e3e1356182d81cb SHA-256: 97137aef82c18298a0c45d1a8c24a70d36aa648f05e7e07bb3da2a84661ea2d7

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is identified as a legacy Excel formula macro virus (XF.Classic, Poppy). The document body contains text related to tax predictions and instructions to send the file to a specific email address (cygs6swz@sina.cn), suggesting a phishing or social engineering lure. The presence of 'xlstart\Book1.xls' indicates an attempt to infect the Excel startup directory for persistence. The heuristic firing confirms the presence of a known Excel macro virus.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.