Malicious Office (OLE) / .XLK — malware analysis report

Static analysis result for SHA-256 b741ac2e9f4f89f6…

MALICIOUS

Office (OLE) / .XLK

Size: 357.5 KB
Created: 2004-01-05 13:44:13
Authoring application: Microsoft Excel
MD5: ca98eed045daec165f0606dc3294f2e1
SHA-1: be4c88525e5077d94abeca533baa1d2ce15a15ae
SHA-256: b741ac2e9f4f89f6ceb14ae746db848c4811a8355758ff446fe6993dcfa9894c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical-severity heuristic that fired indicates this is a legacy Excel formula macro virus, specifically identified as 'Classic.Poppy by VicodinES' and 'XF.Classic'. The document body contains strings related to infection and payload delivery, such as 'Add New Workbook, Infect It, Save It As Book1.xls' and 'Simple Payload'. This suggests its primary function is to spread itself to other Excel files.

Heuristics (1)

  • [critical] Legacy Excel formula macro virus marker (OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.