Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 af50e5e4d67795c8…

MALICIOUS

Office (OLE)

Size: 98.0 KB
Created: 2003-09-22 06:54:55
Authoring application: Microsoft Excel
First seen: 2015-09-17
MD5: 37346af81b7a90e4fd9b8fe0cb1f7510
SHA-1: 02139dc8165e9898c4c43a91ba8f66e64d0972a9
SHA-256: af50e5e4d67795c86d5144191bbe00a34c88bf842caca4f60a422e00041a7686
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is an Excel spreadsheet containing financial planning data in Vietnamese. A critical-severity heuristic identified it as a legacy Excel formula macro virus, based on the markers 'Poppy by VicodinES' and 'Narkotic Network'. This suggests the file contains malicious macros designed to execute.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.