Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 cc6afd705a0d4fac…

MALICIOUS

Office (OLE)

File size: 80.5 KB
Created: 2007-02-05 04:22:02
Authoring application: Microsoft Excel
First seen: 2015-09-20
MD5: 32ecb47dfb2fc3a4ff1381f2132477e0
SHA-1: 8647f0eabd58383b9a3f1e22f2745a198f0898fa
SHA-256: cc6afd705a0d4fac260e78ef7e6de3a632958ef881713c75b81a03509b3f61ac
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The sample is an Excel file containing what appears to be financial statements, a common lure for macro-enabled documents. A critical heuristic fired that identifies it as a legacy Excel formula macro virus and specifically mentions 'Poppy by VicodinES'. This suggests the file contains malicious macros designed to execute.

Heuristics (1)

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.