Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 daa1f1476e24e503…

MALICIOUS

Office (OLE) / .XLS

Size: 440.5 KB
Created: 1999-01-11 09:54:29
Authoring application: Microsoft Excel
MD5: 85d2a9e9c388c9e428cd421059e37e6c
SHA-1: 539e89bb97f79fe6641d5a3d93a65adec7ef9583
SHA-256: daa1f1476e24e5030a47bdc43f70c21c4e0ece5c3fc78bf6394ae45830d57243
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing indicates this is a legacy Excel formula macro virus, specifically identified as 'Classic.Poppy by VicodinES' and 'XF.Classic'. The embedded text confirms this, mentioning 'An Excel Formula Macro Virus (XF.Classic)' and a payload related to 'Hydrocodone/APAP'. The virus appears to infect other workbooks and save them as 'Book1.xls'.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    The Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.