Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 a7f6f2b6a6316cf3…

MALICIOUS

Office (OLE)

Size: 80.0 KB
Created: 2006-06-29 01:47:42
Authoring application: Microsoft Excel
First seen: 2015-09-23
MD5: 6fda6d501ff5443057c1e81d941e20b0
SHA-1: 161691606c90ce73ca3efee724754f0e99947769
SHA-256: a7f6f2b6a6316cf33705bdc24325e6c2b9583ac31fc6848caaa484b7f1b3ca61
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified as a legacy Excel formula macro virus, specifically 'Classic.Poppy' by 'VicodinES' and 'The Narkotic Network'. The embedded text indicates that it is designed to infect other workbooks, with 'Book1.xls' and the 'xlstart' directory being targeted. This suggests a self-propagating or payload-delivery mechanism.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    The Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates that the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.