XF.Classic — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 b458ac461d105421…

MALICIOUS

Office (OLE) / .XLS

Size: 151.5 KB
Created: 2004-08-17 07:23:32
Authoring application: Microsoft Excel
MD5: fe885a1ee9067673e1ae01d6d46dac17
SHA-1: 59e7aa38bf7f751d5b33389e196386b49991293a
SHA-256: b458ac461d1054213299b9217efeda48865b1b81eb4d0105ccd92ea7a7275526
Risk Score: 60

Malware Insights

XF.Classic · confidence 95%

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The sample is identified as a legacy Excel formula macro virus, specifically 'XF.Classic' by VicodinES, also known as 'Poppy'. The embedded text explicitly describes its function: infecting other Excel workbooks and saving them as 'Book1.xls' in the 'xlstart' directory, which indicates a self-propagation mechanism. The heuristic firings directly support this classification.

Heuristics (1)

  • Legacy Excel formula macro virus marker · critical · OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.