Malicious Office (OLE) / .D52 — malware analysis report

Static analysis result for SHA-256 d46c738f089ebcc3…

MALICIOUS

Office (OLE) / .D52

Size: 4.13 MB
Created: 2009-01-02 16:06:10
Authoring application: Microsoft Excel
MD5: 10d31c93d21066d64b23bbee6db26a0d
SHA-1: edcc8ed626ebe6d4a0cb4b8349a798c89eba7fd7
SHA-256: d46c738f089ebcc350ca531a41eb66a42c6ae198199bf2df90e2e1d00fcf2b20
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates the presence of a legacy Excel formula macro virus. The markers 'Poppy by VicodinES', 'Narkotic Network', and 'XF.Classic' suggest a known, albeit old, type of macro-based threat. The document body contains what appears to be a parts list or inventory, which is likely a lure to disguise the malicious macro's presence.

Heuristics 1

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.