Office (OLE) malware analysis — malicious · e2b23f604e2dc573

MALICIOUS

Office (OLE)

132.0 KB Created: 2011-03-04 13:02:25 Authoring application: Microsoft Excel First seen: 2015-09-30

MD5: ab4e51685ac5e3f85eb0fed112de3190 SHA-1: 437fe8a84719bd9c4204d954d126636d68d84520 SHA-256: e2b23f604e2dc573f38d9f3aecdb15503bfb40eb995175d3cfd3e5adaed9a5f4

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an Excel file containing legacy Excel 4.0 (XLM) macros, indicated by critical and medium heuristic firings. The document body is in Chinese and appears to be a form for calculating compensation related to property demolition and resettlement, likely a lure. The presence of 'Poppy by VicodinES' and 'Narkotic Network' in the heuristic details suggests a known macro-based threat.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.