Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 9d6d679b53fdda3a…

MALICIOUS

Office (OLE)

Size: 47.5 KB
Created: 2002-10-01 01:08:45
Authoring application: Microsoft Excel
First seen: 2015-09-24
MD5: 6d1c48e86d1b9260af2890d7e7b77790
SHA-1: 769dbcbe544d47cb6fc88b95f8554f131973cbb2
SHA-256: 9d6d679b53fdda3ae0b1c026f02d5578c985ceed54bf5b2b67a2030e256cb048
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic that fired indicates this is a legacy Excel formula macro virus, specifically identified as 'Poppy by VicodinES' and 'XF.Classic'. The embedded text confirms its nature as an 'Excel Formula Macro Virus' and mentions its intent to infect other workbooks, which suggests self-propagating malicious behavior. The IOCs are derived from the specific names associated with this known legacy malware.

Heuristics (1)

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.