Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 bb922c2f6805af0c…

Verdict: MALICIOUS
Risk Score: 60

File type: Office (OLE) / .XLS
File size: 150.5 KB
Created: 2004-08-17 07:23:32
Authoring application: Microsoft Excel

MD5: 836c7670415f8b459b9af3ba655d67cd
SHA-1: 4ff3a33a39f7ca7431def77fe60d4ad3faafe914
SHA-256: bb922c2f6805af0c9ca6e9f71df59d647add721a0eeabc95a4bf6d102c56a4af

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is identified as a legacy Excel formula macro virus, specifically 'XF.Classic' by VicodinES, also known as 'Poppy'. The embedded text indicates it infects other workbooks and saves them as 'Book1.xls' in the Excel startup directory. This suggests a self-propagating mechanism within the Excel environment.

Heuristics (1)

  • [critical] Legacy Excel formula macro virus marker (OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.