Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 ac70b25322b22d18…

MALICIOUS

Office (OLE)

Size: 434.0 KB
Created: 2005-08-27 15:38:27
Authoring application: Microsoft Excel
First seen: 2015-09-27
MD5: 806602f7c3ea25359d1637badee8e9a8
SHA-1: 5a97d73e641c72c9253f1a7acf7a0601da7d75d0
SHA-256: ac70b25322b22d18b469b6f770fadeb1268c3cadae3837aebfa9ef077d4fe54f
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic fired on legacy Excel formula macro virus markers, specifically 'Poppy by VicodinES' and 'Narkotic Network'. This suggests the file contains malicious XLM macros designed to execute arbitrary code, likely for downloading further payloads or stealing information. The document body contains what appears to be student grade data, a common lure for macro-enabled documents.

Heuristics 2

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.