Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 e0d7bfbbbc0c2bf2…

MALICIOUS

Office (OLE) / .XLS

Size: 1.22 MB
Created: 2010-06-27 17:14:00
Authoring application: Microsoft Excel
MD5: 0b48d691a21bf1c7738b1bb795930755
SHA-1: d6395b1db6af7378a07c7ffdca4d10be80474ea1
SHA-256: e0d7bfbbbc0c2bf26a13a75cb135b5ebaa028f9e4a895105a535806fa77b2218
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The sample is identified as a legacy Excel formula macro virus, specifically referencing 'Classic.Poppy by VicodinES' and 'The Narkotic Network'. The embedded text suggests the macro's intent is to infect other workbooks, including saving itself as 'Book1.xls', and potentially deliver a payload, as indicated by 'Simple Payload' and 'Hydrocodone/APAP 10-650 For Your Computer'. The specific references to 'Poppy by VicodinES' and 'XF.Classic' are strong indicators of its nature.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.