Office (OLE) malware analysis — malicious · a09753615f57c5a7

MALICIOUS

Office (OLE)

175.0 KB Created: 1996-12-17 01:32:42 Authoring application: Microsoft Excel First seen: 2015-09-22

MD5: 00675d78c4283f0f70ea5c4a87297c70 SHA-1: 035c2f9fb4d89366796ed0686f2e440ae98f7bf5 SHA-256: a09753615f57c5a7b90ffe23b7a2093b800fdad4fa177a4d06da984f6447f147

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The critical heuristic firing indicates the presence of a legacy Excel Formula Macro Virus marker, specifically mentioning 'Excel Formula Macro Virus', 'XF.Classic', 'Poppy by VicodinES', and 'The Narkotic Network 1998'. The document body contains text referencing these markers and describes actions like infecting other workbooks, suggesting a macro-based infection and potential payload delivery mechanism. The XLM macro presence points to T1059.005.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.