Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 b2a68a619f3fc798…

MALICIOUS

Office (OLE)

Size: 5.72 MB
Created: 2000-05-26 16:45:09
Authoring application: Microsoft Excel
MD5: 79859af91270c53e31d9f4faa1806e6a
SHA-1: ac073ace9fcb6bb059588fe7d9d58ea2dff001c6
SHA-256: b2a68a619f3fc798a49c974e2840f4cd0b09e941a27cfef30d3d2932d3b7ff9c
Risk score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Command and Scripting Interpreter: Visual Basic
T1059.001 Command and Scripting Interpreter: PowerShell

The sample is a legacy BIFF (OLE compound file) Excel workbook carrying Excel 4.0 (XLM) macros, as flagged by the OLE_XLM_AUTOOPEN and OLE_XLS_FORMULA_MACRO_VIRUS heuristics. The string 'XL4Poppy' in the document body is a self-identifying marker of the Poppy family of Excel 4.0 formula macro viruses, and the year-2000 creation timestamp together with 'Microsoft Excel' as the authoring application is consistent with a macro virus of that era rather than a modern XLM downloader. Because an XLM macro sheet with an Auto_Open name runs as soon as the workbook is opened with macros enabled, the file should be treated as malicious. Note that these static heuristics establish only that a macro sheet and the family marker are present; they do not show what the macro does, so any downloader, PowerShell or financial-fraud behaviour is an inference from the family, not an observation from this sample. Confirm the payload by extracting and decoding the macro sheet formulas (for example with olevba) or by detonating the file in a sandbox.

Heuristics (2)

  • OLE_XLS_FORMULA_MACRO_VIRUS (critical): Legacy Excel formula macro virus marker
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • OLE_XLM_AUTOOPEN (medium): Excel 4.0 (XLM) macro sheet present
    Workbook contains an Excel 4.0 macro sheet sub-stream. XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.