Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 c6ad2cec710698a6…

MALICIOUS

Office (OLE)

Size: 247.0 KB
Created: 2006-09-27 05:35:47
Authoring application: Microsoft Excel
First seen: 2015-09-20
MD5: 10add72df35592201322a527dc00ed60
SHA-1: 6dc7b50e0a5e637d6741a4d212aaba9bed53289c
SHA-256: c6ad2cec710698a6512f38c002b361227a833efde2ee7a742b0b86ebbe031a65
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic that fired indicates this is a legacy Excel formula macro virus; the markers it matched specifically mention 'Poppy by VicodinES' and 'Narkotic Network'. The document body contains what appears to be tabular data, but the primary threat stems from the embedded macro. The macro is likely designed to execute malicious commands or download further payloads.

Heuristics 1

  • Legacy Excel formula macro virus marker (severity: critical; ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.