Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 c60ea2aa60918e02…

MALICIOUS

Office (OLE) / .XLS

Size: 754.5 KB
Created: 2010-07-07 03:45:06
Authoring application: Microsoft Excel
MD5: 424e8793c56447ea29ae32e132c053cc
SHA-1: f718a3e5dabf3fd9d662fab0265402ca791a2ac9
SHA-256: c60ea2aa60918e0243325cc89b7782d66afbbfa20802e871048327f38d9bcd61
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates this is a legacy Excel macro virus, specifically identified as 'Poppy' and 'XF.Classic' by 'The Narkotic Network'. The document body confirms this, referencing 'Excel Formula Macro Virus (XF.Classic)' and 'Poppy by VicodinES', along with a lure related to 'Hydrocodone/APAP 10-650 For Your Computer'. The virus appears to infect other workbooks and save them as 'Book1.xls'.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.