Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 c99e68bb9a6eec8b…

MALICIOUS

Office (OLE)

Size: 61.5 KB
Created: 2008-03-19 04:19:32
Authoring application: Microsoft Excel
MD5: d130adb2b7a9c1bf89ce82df1be747a9
SHA-1: baa1f51eb6d5b82712b9c21aaf8833da8f43f24b
SHA-256: c99e68bb9a6eec8bf89544c757e3963a5abaffddcf9081f7693e355abb4c78b7
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates this is a legacy Excel 4.0 macro virus, specifically identified as 'XF.Classic' and associated with 'Poppy by VicodinES' and 'The Narkotic Network'. The document body contains text related to music copyright declarations and also includes strings like 'Classic.Poppy by VicodinES', 'An Excel Formula Macro Virus (XF.Classic)', and 'The Narkotic Network 1998', confirming the heuristic's finding. The virus appears to be designed to infect other Excel workbooks.

Heuristics (1)

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.