Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 ab279e912427c86e…

MALICIOUS

Office (OLE)

Size: 542.0 KB
Created: 2010-04-12 08:48:00
Authoring application: Microsoft Excel
First seen: 2015-09-24
MD5: 649e14a82150ada2860e9eaf648413b0
SHA-1: 8931f8a622801a1c40c28d4d523a9ebe9768b810
SHA-256: ab279e912427c86e88f188182f0e2a257f460619feca0112d0d3c781b5ca74bf
Risk score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Command and Scripting Interpreter: Visual Basic

The sample is an Excel workbook identified as a legacy Excel formula (Excel 4.0 / XLM) macro virus, specifically 'Poppy by VicodinES'. The heuristic that fired indicates the workbook carries code designed to infect other workbooks and potentially execute a further payload. Embedded text supports this: it references 'Excel Formula Macro Virus (XF.Classic)' and 'Simple Payload', which is consistent with a payload routine beyond self-replication (for example a downloader or dropper), although the static result alone does not establish what that payload does. Note that formula macros are not VBA: no VBA project is required for this virus to run, and T1059.005 is used here as the nearest ATT&CK sub-technique for macro execution from an Office document.

Heuristics (1)

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    The Workbook stream contains self-identifying legacy Excel formula macro virus marker strings. The detection is string-based, so it indicates the document carries formula macro virus content even when the file has no VBA project and no XLM macro-sheet structure that a structural check would key on.
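The heuristic above keys on self-identifying strings in the Workbook stream rather than on macro-sheet structure. The following is an added illustration written for this report, not the scanner's own logic: it walks the BIFF8 records of a raw Workbook stream, reports whether any BoundSheet8 record declares an Excel 4.0 macro sheet (dt = 0x01) or a VBA module (dt = 0x06), and searches the stream for marker strings in both 8-bit and UTF-16LE form, since BIFF strings may be stored either way. The marker list is assumed from the report's narrative ('XF.Classic', 'Simple Payload', 'VicodinES', 'Excel Formula Macro Virus') and is not the product's signature set; the two Workbook streams are constructed inline, and the optional `scan_file` helper relies on the third-party `olefile` package.

```python
"""Scan a raw BIFF8 'Workbook' stream for legacy formula-macro virus markers.

Added example for this report; not the scanner's own implementation.
"""
import struct

# Assumed marker strings, taken from the report's narrative (not a published signature list).
MARKERS = ("XF.Classic", "Simple Payload", "VicodinES", "Excel Formula Macro Virus")

BOUNDSHEET8 = 0x0085   # BoundSheet8 record: one per sheet in the workbook globals substream
EOF_RECORD = 0x000A
DT_MACRO_SHEET = 0x01  # BoundSheet8.dt: Excel 4.0 (XLM) macro sheet
DT_VBA_MODULE = 0x06   # BoundSheet8.dt: VBA module sheet


def iter_biff_records(stream: bytes):
    """Yield (record_type, data) for each BIFF record: 2-byte type, 2-byte length, payload."""
    off, n = 0, len(stream)
    while off + 4 <= n:
        rtype, rlen = struct.unpack_from("<HH", stream, off)
        off += 4
        data = stream[off:off + rlen]
        if len(data) < rlen:  # truncated record: stop rather than misparse the tail
            break
        yield rtype, data
        off += rlen


def bound_sheets(stream: bytes):
    """Return [(sheet_name, dt)] from every BoundSheet8 record in the stream."""
    out = []
    for rtype, data in iter_biff_records(stream):
        if rtype != BOUNDSHEET8 or len(data) < 8:
            continue
        # layout: lbPlyPos(4) hsState(1) dt(1) then ShortXLUnicodeString: cch(1) flags(1) chars
        dt, cch, flags = data[5], data[6], data[7]
        if flags & 0x01:  # fHighByte set: UTF-16LE characters
            name = data[8:8 + 2 * cch].decode("utf-16-le", "replace")
        else:             # compressed 8-bit characters
            name = data[8:8 + cch].decode("latin-1")
        out.append((name, dt))
    return out


def find_markers(stream: bytes):
    """Markers present in either 8-bit or UTF-16LE encoding (BIFF strings use both)."""
    hits = [m for m in MARKERS
            if m.encode("latin-1") in stream or m.encode("utf-16-le") in stream]
    return sorted(hits)


def classify(stream: bytes):
    """Combine structural facts with the string heuristic; the verdict depends only on markers."""
    sheets = bound_sheets(stream)
    markers = find_markers(stream)
    return {
        "sheets": sheets,
        "macro_sheet": any(dt == DT_MACRO_SHEET for _, dt in sheets),
        "vba_module": any(dt == DT_VBA_MODULE for _, dt in sheets),
        "markers": markers,
        "verdict": "OLE_XLS_FORMULA_MACRO_VIRUS" if markers else "clean",
    }


def scan_file(path: str):
    """Optional: read the 'Workbook' stream of a real OLE file via the third-party olefile package."""
    import olefile  # pip install olefile
    ole = olefile.OleFileIO(path)
    try:
        if not ole.exists("Workbook"):
            return None
        return classify(ole.openstream("Workbook").read())
    finally:
        ole.close()


# ---- constructed sample streams (not real malware bytes) ----
def record(rtype: int, data: bytes) -> bytes:
    return struct.pack("<HH", rtype, len(data)) + data


def boundsheet8(name: str, dt: int, high_byte: bool = False) -> bytes:
    s, flags = (name.encode("utf-16-le"), 1) if high_byte else (name.encode("latin-1"), 0)
    return record(BOUNDSHEET8, struct.pack("<IBBBB", 0, 0, dt, len(name), flags) + s)


def label_record(text: str, high_byte: bool = False) -> bytes:
    """LABEL (0x0204) cell with inline XLUnicodeString: rw, col, ixfe, cch(2), flags(1), chars."""
    s, flags = (text.encode("utf-16-le"), 1) if high_byte else (text.encode("latin-1"), 0)
    return record(0x0204, struct.pack("<HHHHB", 0, 0, 0x0F, len(text), flags) + s)


BOF_BIFF8 = record(0x0809, struct.pack("<HHHHII", 0x0600, 0x0005, 0x0DBB, 0x07CC, 0, 0x0006))

# Constructed: ordinary worksheet only, but cell text carries the virus' self-identification.
SAMPLE_NO_MACRO_SHEET = (
    BOF_BIFF8 + boundsheet8("Sheet1", 0x00) + record(EOF_RECORD, b"")
    + BOF_BIFF8 + label_record("Excel Formula Macro Virus (XF.Classic) - Simple Payload")
    + record(EOF_RECORD, b"")
)

# Constructed: an explicit XLM macro sheet plus a UTF-16LE marker string.
SAMPLE_MACRO_SHEET = (
    BOF_BIFF8 + boundsheet8("Sheet1", 0x00)
    + boundsheet8("Macro1", DT_MACRO_SHEET, high_byte=True) + record(EOF_RECORD, b"")
    + BOF_BIFF8 + label_record("Poppy by VicodinES", high_byte=True) + record(EOF_RECORD, b"")
)

if __name__ == "__main__":
    for label, sample in (("no macro sheet", SAMPLE_NO_MACRO_SHEET), ("macro sheet", SAMPLE_MACRO_SHEET)):
        print(label, classify(sample))
```

The first constructed stream has no macro sheet and no VBA module, yet the verdict fires on the marker strings alone, which is the behaviour the heuristic describes. In a real workbook a marker may be split across a CONTINUE record or stored in the shared string table rather than inline, so a production scanner would reassemble strings from records before matching; this example matches the raw stream bytes only.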