Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 9e3c4859ed8b67e0…

MALICIOUS

Office (OLE) / .XLS

Size: 66.5 KB
Created: 2003-11-19 03:55:27
Authoring application: Microsoft Excel
MD5: a63896ba25713dbb3f843c3c26ffaf75
SHA-1: 8f1ad11c4b82719ee048768a4c1d352f2f93a425
SHA-256: 9e3c4859ed8b67e010d65a9eebcaf1677ffe393cf5f40f138d57dc4cef43b2a1
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The 'OLE_XLS_FORMULA_MACRO_VIRUS' heuristic firing indicates that this is a legacy Excel formula macro virus, specifically identified as 'Poppy' or 'XF.Classic' by 'The Narkotic Network'. The document body contains text related to lottery results ('KQXS Cty', 'KQXS Coâng Ty') and explicitly mentions 'Classic.Poppy by VicodinES' and 'An Excel Formula Macro Virus (XF.Classic)', along with a 'Simple Payload' section. This suggests that the primary function is to infect other Excel workbooks, likely using a lottery-results lure as a disguise.

Heuristics (1)

  • Legacy Excel formula macro virus marker (critical): OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates that the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.