Office (OLE) / .XLS malware analysis — malicious · c65f9494f6979de0

MALICIOUS

Office (OLE) / .XLS

68.0 KB Created: 1999-02-08 02:12:02 Authoring application: Microsoft Excel

MD5: 0e3f9f82ecbfde948647be94c9ab059c SHA-1: 65eb6a0200bed15e0e01bbeff5645e68c7fde614 SHA-256: c65f9494f6979de034aaf918ff17a89e6faf374f517ae5684d36ef6983324555

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The critical heuristic firing indicates this is a legacy Excel formula macro virus, specifically identified as 'XF.Classic' and 'Poppy by VicodinES'. The document body contains text referencing 'Excel Formula Macro Virus', 'Classic.Poppy by VicodinES', and 'The Narkotic Network 1998', further supporting this classification. The script appears to be designed to infect other workbooks and save them as 'Book1.xls' in the Excel startup directory, potentially leading to further infection or payload delivery.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.