XF.Classic — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 acc83c7c249f8ee8…

MALICIOUS

Office (OLE) / .XLS

Size: 827.0 KB
Created: 2000-03-07 14:04:16
Authoring application: Microsoft Excel
MD5: 9d8ed1c4bb16ff29e498a19f4c409152
SHA-1: 817afa7fa1e3b786717ca41cf30f0c23dd6326f9
SHA-256: acc83c7c249f8ee8ed9acdb4a5f98dfa51ce4aa5198186465eb48119a1c2b2b6
Risk Score: 60

Malware Insights

XF.Classic · confidence 90%

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' fired, directly identifying this sample as the XF.Classic Excel Formula Macro Virus, also known as Poppy. The embedded text confirms its nature as a macro virus: it mentions infection routines and payload delivery. It also reconstructs paths where it attempts to save infected files, indicating its propagation mechanism.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.