Office (OLE) / .XLS malware analysis — malicious · beb58bfcb49cd402

MALICIOUS

Office (OLE) / .XLS

1.52 MB Created: 2004-04-08 15:18:15 Authoring application: Microsoft Excel

MD5: e9cf509df66613181788198585492946 SHA-1: 71f1a1726bacf6cf1ea73b91a281c80375518044 SHA-256: beb58bfcb49cd40290de0ba2bed6f737990b5d03215d148f9bc955a2a52beb55

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The critical heuristic firing for 'OLE_XLS_FORMULA_MACRO_VIRUS' and the medium firing for 'OLE_XLM_AUTOOPEN' strongly suggest the presence of legacy Excel macros. The marker 'Poppy by VicodinES' is explicitly mentioned, indicating a known, albeit older, malware artifact. The document body text appears to be financial or business-related data, likely serving as a lure for the macro execution.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.