Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 d8c41a53737bf4d3…

MALICIOUS

Office (OLE)

Size: 293.5 KB
Created: 2012-12-01 22:44:29
Authoring application: Microsoft Excel
First seen: 2015-09-16
MD5: 336310cc78cccaed821ae88e944a6fe0
SHA-1: 71d7584a712fd072157150be2816d94122e85e69
SHA-256: d8c41a53737bf4d3779bc508c0dd06b0fb393a6dd87bcdb6b0c4934a12c8835a
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' fired, which indicates the presence of a legacy Excel formula macro virus. Embedded script fragments such as 'Classic.Poppy by VicodinES' and '(C) The Narkotic Network 1998' further support this classification. The file attempts to infect other workbooks by saving itself as 'Book1.xls' in the XLSTART directory.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.