Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 b33aac9dec5ccf94…

MALICIOUS

Office (OLE) / .XLS

File size: 28.0 KB
Created: 2008-07-16 14:25:59
Authoring application: Microsoft Excel
MD5: 7765596e1e80d2a8957d63fe08a6817a
SHA-1: a7283c50323bbaff57c2c830366c0235ea658312
SHA-256: b33aac9dec5ccf9479e76b2dece561b22bfb9620800fb7ef23fc1566db2f1a63
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' fired, which directly indicates the presence of a legacy Excel formula macro virus. The DOC BODY content corroborates this by mentioning 'XL4Poppy', 'Excel Formula Macro Virus (XF.Classic)', and 'Poppy by VicodinES', suggesting the virus's name and origin. The document also contains references to infecting 'Book1.xls', indicating a potential mechanism for propagation.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.