Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 a8de39fe558a8a8b…

MALICIOUS

Office (OLE)

Size: 22.0 KB
Created: 2008-10-24 00:58:36
Authoring application: Microsoft Excel
MD5: db49351bdb60cdd80dc81d92cb96dc13
SHA-1: c687118d9846283fa463faa62027167f4edeb49b
SHA-256: a8de39fe558a8a8b6939f4f7e72086ee3c1d5e634adc9ea81c826ac338625269
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a legacy Excel formula macro virus, specifically 'XF.Classic' by VicodinES, also known as 'Poppy'. The document body indicates it infects other workbooks and attempts to display a message related to medication. The presence of macro virus markers and the file's structure strongly suggest malicious intent.

Heuristics (1)

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.