Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 abf12db13281d87e…

MALICIOUS

Office (OLE)

Size: 1.99 MB
Created: 2009-08-24 04:39:39
Authoring application: Microsoft Excel
MD5: ea792d0d260024dc4569038174cbe21d
SHA-1: 5307309fa5b03a88752238ced8881955fee1842b
SHA-256: abf12db13281d87e8bd2a6eca82191b7f8402b143308b5baf178bd928fca293c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly identifies this file as a legacy Excel formula macro virus, specifically mentioning 'Poppy by VicodinES' and 'Narkotic Network'. The document body contains strings such as 'An Excel Formula Macro Virus (XF.Classic)' and 'Hydrocodone/APAP 10-650 For Your Computer', indicating malicious intent to spread and potentially deliver a harmful payload. The presence of a path to 'xlstart\Book1.xls' suggests an attempt to infect the user's Excel startup directory.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.