Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 9bca2ea24f429672…

MALICIOUS

Office (OLE)

414.0 KB Created: 2010-04-30 23:23:17 Authoring application: Microsoft Excel
MD5: a9e01ed936d687ae8a5ef06fb0ba4e9b SHA-1: a740f30931cb09959dc7a89d02ccc29b292a259e SHA-256: 9bca2ea24f429672a4e521f46d4c9e86c868db7a9ab0258e186b7b70be497e11
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates this is a legacy Excel formula macro virus, specifically identified as 'Classic.Poppy' by 'The Narkotic Network'. The document body contains text that appears to be a mix of network outage reports and references to medication (Hydrocodone/APAP), suggesting a lure or distraction. The script section explicitly details the infection process, including adding a new workbook, infecting it, and saving it as 'Book1.xls' in the XLSTART directory, which is a common technique for macro viruses to achieve persistence and spread.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.