Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 bc9cd56c5e9ff3de…

MALICIOUS

Office (OLE) / .XLS

Size: 286.0 KB
Created: 2010-04-27 04:36:22
MD5: 3154eb2363674882e3a98153dca7b2bf
SHA-1: 236783b0f50557b8e2fc7cc79fa39f0ccd5171ff
SHA-256: bc9cd56c5e9ff3de1de147f79f84c9e5b625e8788faa759e9a60ac0763f7c28a
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The sample is an XLS file identified as a legacy Excel Formula Macro Virus, specifically 'Poppy by VicodinES' from 'The Narkotic Network'. The embedded script indicates it infects new workbooks and saves them as 'Book1.xls' in the XLSTART directory, facilitating its spread. The document body contains Korean text related to building use codes, which appears to be decoy content.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.