Office (OLE) / .XLS malware analysis — malicious · e69452fdce8810ff

MALICIOUS

Office (OLE) / .XLS

4.31 MB Created: 2008-04-04 03:49:08

MD5: cbbb2850a971b0712cd000056b5027c9 SHA-1: b69da7f3e646208000776fc87e7d69cb75d8f050 SHA-256: e69452fdce8810ff1699272852a030fd317cfb81bcba1462ca8d78ccb85fceab

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The file is an Excel 4.0 (XLM) macro sheet, indicated by the OLE_XLM_AUTOOPEN heuristic. The OLE_XLS_FORMULA_MACRO_VIRUS heuristic further flags it as a legacy Excel formula macro virus, specifically mentioning 'Poppy by VicodinES' and 'Narkotic Network'. These indicators strongly suggest the presence of malicious macro code designed to execute arbitrary commands upon opening.

Heuristics 2

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Excel 4.0 (XLM) macro sheet present medium OLE_XLM_AUTOOPEN

Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.

Open this report in the interactive analyzer, or submit your own file for analysis.