XF.Classic — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 af2e95a3ababd170…

MALICIOUS

Office (OLE) / .XLS

Size: 217.5 KB
Created: 2010-05-28 02:19:48
Authoring application: Microsoft Excel
MD5: e40fb104aa7812e54397a83a4d068eda
SHA-1: 2240b64ab4a7ef40c2f550196dd3656d27afa57a
SHA-256: af2e95a3ababd170e350335c0a9744e91f303db8c1913543b2fbf675210679bb
Risk Score: 60

Malware Insights

XF.Classic · confidence 85%

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly identifies this file as a legacy Excel formula macro virus, specifically referencing 'XF.Classic', 'Poppy by VicodinES', and 'The Narkotic Network'. The embedded strings suggest a potential payload related to 'Hydrocodone/APAP 10-650 For Your Computer' and indicate an attempt to infect other workbooks by modifying the 'xlstart' directory.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.