Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 a8bc84e0de728df6…

MALICIOUS

Office (OLE) / .XLS

2.59 MB Created: 2002-10-08 03:14:18 Authoring application: Microsoft Excel
MD5: 810e8451c74650e6616fc15e5013dca4 SHA-1: 3980be1a6854e610869a360313bcb4a193e920d1 SHA-256: a8bc84e0de728df6d70040cdf9e96fd5c93c288fbc7c621e56b6045e40bdf70e
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is an Excel spreadsheet identified as a legacy macro virus, specifically 'Poppy' by VicodinES, also known as XF.Classic. The document body contains Vietnamese text that appears to be a payroll or payment-related document, likely intended as a lure. The heuristic firing explicitly mentions 'Excel Formula Macro Virus' and associated names, indicating a known type of malicious macro. The presence of a truncated path suggests potential interaction with the Office installation directory.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.