Office (OLE) / .XLS malware analysis — malicious · bdcf9628beff0ae0

MALICIOUS

Office (OLE) / .XLS

1.98 MB Created: 2007-02-01 07:31:23

MD5: 60340d7549d9e569514b51959826ebdd SHA-1: fe9a87c4638bbca2f626ef10461a14f93586c2d1 SHA-256: bdcf9628beff0ae06628b132916edb7b09096b518ac36de6e258128bb7ffc1f6

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The critical heuristic firing indicates this is a legacy Excel formula macro virus, specifically identified as 'Poppy' or 'XF.Classic' by 'The Narkotic Network'. The document body confirms this, showing embedded script markers and references to infecting and saving workbooks as 'Book1.xls'. The virus appears to be designed to spread by infecting new workbooks and saving them in the XLSTART directory.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.