Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 c7b6b9cac447921c…

MALICIOUS

Office (OLE) / .XLS

Size: 205.0 KB
Created: 2006-02-04 05:19:05
Authoring application: Microsoft Excel
MD5: 31f3cddafb6d00a6ce1613a7ada9478e
SHA-1: 53a9de7c91a3ffe28dc93074e3e81ba66b6ca8c5
SHA-256: c7b6b9cac447921cdad434dd460d06162cddecac8c868d7b70538cd612d9353d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic that fired identifies this XLS file as a legacy Excel formula macro virus, specifically mentioning 'Poppy by VicodinES' and 'XF.Classic'. The embedded text confirms the presence of these markers and references 'The Narkotic Network 1998', indicating a known, albeit old, malware family. The document body itself appears to be a financial or utility bill template, likely used as a lure.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.