Office (OLE) malware analysis — malicious · b7024cca0b0d076f

MALICIOUS

Office (OLE)

176.5 KB Created: 2014-05-14 09:04:35 Authoring application: Microsoft Excel First seen: 2015-09-17

MD5: 3edd5dc65861d28be5ef409ac9fe7a43 SHA-1: 860aaa0a57d2d5c876faa8962a595156c97a2ad2 SHA-256: b7024cca0b0d076f2d2dc30e7f282d8c6a58f575be0264ff977cf7dee9a78fa4

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file contains critical heuristics indicating the presence of a legacy Excel Formula Macro Virus, specifically mentioning 'Poppy by VicodinES' and 'The Narkotic Network'. This suggests the file is designed to execute malicious code via Excel 4.0 macros. The extracted document body, while appearing to be academic course information, also contains fragments related to the macro's origin and potential payload.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.