Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 d637075c0b1fbe0b…

MALICIOUS

Office (OLE) / .XLS

Size: 225.5 KB
Created: 2006-01-12 02:36:23
Authoring application: Microsoft Excel
MD5: 00d2bb8cee7dcfb90e3aa2e1b31b748e
SHA-1: 18331eb58ebfbb7da21742fd930aa381e78e325e
SHA-256: d637075c0b1fbe0b366accab89d3723aa2383d5e33eec2e4f74f31312019d13f
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates the presence of a legacy Excel formula macro virus, specifically mentioning 'Poppy by VicodinES'. This suggests the file is designed to execute malicious XLM macros. The presence of the 'XL4Poppy' string in the document body further supports this. No specific IOCs like URLs or hashes were extracted, but the markers themselves are indicators of this type of threat.

Heuristics (2)

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Excel 4.0 (XLM) macro sheet present [medium] OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream. XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.