Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 b4579db598ad1237…

MALICIOUS

Office (OLE) / .XLS

Size: 857.5 KB
Created: 2002-08-05 03:52:27
Authoring application: Microsoft Excel
MD5: 648e1087e1b72dde932f634e7572fa3c
SHA-1: 9adb4d4541184122f4c774f5467fea0bf8819d19
SHA-256: b4579db598ad1237deed34eab4825e568c2d3aadba8645266f74f8db156b4c0f
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly identifies this file as a legacy Excel formula macro virus, specifically mentioning 'Poppy by VicodinES' and 'XF.Classic'. The document body contains strings related to this virus, including its name and authoring group. The presence of these markers strongly indicates malicious intent to infect other Excel files.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.