Office (OLE) malware analysis — malicious · d34e2c3fd76a1415

MALICIOUS

Office (OLE)

303.5 KB Created: 2012-06-06 01:30:27 Authoring application: WPS Office ×¨Òµ°æ First seen: 2015-09-17

MD5: 3f9c119ca6491df2f239cf973927af90 SHA-1: 56215a67f394b50c17644df0637dfb7c2ad8d65d SHA-256: d34e2c3fd76a14153d7f0f1f296f51af7fc1c024f0c7386bcfd994573c97e24f

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1204.002 Malicious File

The file contains critical heuristic firings indicating the presence of a legacy Excel Formula Macro Virus, specifically mentioning 'Poppy by VicodinES' and 'The Narkotic Network'. The document body, while containing seemingly benign tabular data, also includes embedded strings related to these macro viruses and their infection process. This strongly suggests the file is designed to execute malicious code via XLM macros, likely to download and run a secondary payload.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.