XF.Classic — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 b2325e3d79cf22ed…

MALICIOUS

Office (OLE) / .XLS

File size: 155.5 KB
Created: 2004-08-17 07:23:32
Authoring application: Microsoft Excel
MD5: 92f4bc3e97118553339fc06d56a4fb97
SHA-1: e950a44aabe1e1989b38f5c87c560d739db50535
SHA-256: b2325e3d79cf22ed1d6b85398dbedaa48b95ca11f6782be32e989a5d07841f0f
Risk Score: 60

Malware Insights

XF.Classic · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is identified as a legacy Excel formula macro virus, specifically 'XF.Classic' by VicodinES, also known as 'Poppy'. The embedded text indicates it infects other workbooks by saving itself as 'Book1.xls' in the Excel startup directory. This behavior suggests a self-propagating malicious macro.

Heuristics (1)

  • Legacy Excel formula macro virus marker · critical · OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.