Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 d16ed81fdeb3a0bb…

MALICIOUS

Office (OLE) / .XLS

File size: 90.5 KB
Created: 2004-04-12 03:19:29
Authoring application: Microsoft Excel
MD5: 233eb53595ddad8381d61259c6ee5a40
SHA-1: 7ab7946e0dd92a1078f06c32788846be94d823e2
SHA-256: d16ed81fdeb3a0bb2f22affa6a4f9c40fe2091f322eee02ef045162581b1645a
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic that fired indicates that this is a legacy Excel formula macro virus, specifically identified as 'Poppy by VicodinES' and 'XF.Classic'. The document body contains text related to employee lists and also includes embedded strings referencing the virus's name and its nature as a macro virus. The virus appears to infect other workbooks and potentially display a payload related to 'Hydrocodone/APAP 10-650'.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.