Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 e4cf5d4881c0987c…

MALICIOUS

Office (OLE) / .XLS

Size: 3.28 MB
Created: 2009-06-18 02:06:19
Authoring application: Microsoft Excel
MD5: 4c652bc54f2846b035eec3e23acd75e5
SHA-1: 317719357a02417ca7e68f7cbd7ed4888783f3af
SHA-256: e4cf5d4881c0987c880ebba956ffaba5f150a5728ae909fbce125da9d3f72271
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel spreadsheet containing VBA macros. A critical heuristic indicates that it is a legacy Excel formula macro virus, specifically mentioning 'Poppy' and 'Narkotic Network' as markers. Although no specific malicious URLs or scripts were extracted, the presence of these legacy virus markers strongly suggests malicious intent, likely involving the execution of embedded macro code for harmful actions.

Heuristics (2)

  • Legacy Excel formula macro virus marker (critical, OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
          83e9fcbd9ac1b654da9626e4e4b918f5ec7d7a595c15dacaca67663d02967f6a
Kind:     vba-macro
Source:   oletools.olevba.extract_macros (decoded VBA source)
Size:     14820 bytes