Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 aeadd158d1bc6bac…

MALICIOUS

Office (OLE) / .XLS

Size: 54.5 KB
Created: 2002-01-30 00:54:19
Authoring application: Microsoft Excel
MD5: 0537352a1adffac96195e32e5d094e6d
SHA-1: 4b180b5d981dbb5dd49a39fa2ea88288006b4357
SHA-256: aeadd158d1bc6bac3faeb7b20a6ec5d3144a2e73b49f66b26b36ae32e2c2e333
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file contains legacy Excel 4.0 (XLM) macro sheet markers, and a critical heuristic fired that identifies it as a 'Formula Macro Virus'. The script content explicitly mentions 'An Excel Formula Macro Virus (XF.Classic)' and 'Infect It, Save It As Book1.xls', indicating that its purpose is to infect other Excel files. The presence of 'Poppy by VicodinES' and 'The Narkotic Network 1998' suggests a known, albeit old, malware lineage.

Heuristics (2)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, rule: OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.