Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 bba4cf57ebac4b8a…

MALICIOUS

Office (OLE) / .XLS

Size: 522.0 KB
Created: 2008-10-23 09:26:53
Authoring application: Microsoft Excel
MD5: 973531be8af0379b220eb1d100460e49
SHA-1: 683f2a9427ed50cee47a76e6cfd9343fca1482fe
SHA-256: bba4cf57ebac4b8a90d1f8f9ab9b8e615a8a62ad4f64946615ed980657a47cf2
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is identified as a malicious Excel 4.0 formula macro virus, specifically 'Poppy' (also known as 'XF.Classic'), based on the critical heuristic that fired. The embedded text explicitly mentions 'Classic.Poppy by VicodinES' and 'An Excel Formula Macro Virus (XF.Classic)', along with payload details and infection mechanisms. The virus appears to infect newly created workbooks and save an infected copy as 'Book1.xls' in the 'xlstart' directory, which indicates how it persists and spreads to other workbooks.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    The Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates that the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.