Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 e4994257a63b4473…

MALICIOUS

Office (OLE) / .XLS

File size: 617.5 KB
Created: 2002-01-18 02:38:26
Authoring application: Microsoft Excel
MD5: 80c52d9568614deac1bb603b64a2e489
SHA-1: d6ae8be6505071421a21bed45d7cbac1e52e4507
SHA-256: e4994257a63b44734a84ce9adbf009a6e2e2d66e908061c2b8e2e80779607380
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates the presence of a legacy Excel formula macro virus. The document body explicitly mentions 'Classic.Poppy by VicodinES', 'An Excel Formula Macro Virus (XF.Classic)', and 'The Narkotic Network 1998', confirming its nature. The script attempts to infect other workbooks by saving itself as 'Book1.xls' in the 'xlstart' directory, indicating a self-propagation mechanism.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.