Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 e75ef6aceca3e0d1…

MALICIOUS

Office (OLE)

Size: 67.0 KB
Created: 2003-12-31 08:46:19
Authoring application: Microsoft Excel
First seen: 2015-09-24

MD5: 7b17bb778e0a5a44b0436094ede35aa0
SHA-1: 67c00d84b10644f9305b07a2ee81adf06cdb24c6
SHA-256: e75ef6aceca3e0d14113998e4c4caa5fcbc29c6c72ed9f0c6ae43ec339804d6b
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Command and Scripting Interpreter: Visual Basic (note: the heuristic below fires on legacy formula-macro content, which does not require a VBA project to be present)

The sample is an Excel workbook identified as a legacy macro virus, 'Classic.Poppy by VicodinES'. The visible document body is text resembling a financial or work-progress report, most likely a lure. The embedded macro is designed to infect other workbooks, to drop an infected workbook as 'Book1.xls' in the Excel startup directory (workbooks in that directory are loaded automatically every time Excel starts, which gives the virus persistence and a chance to infect each workbook opened afterwards), and potentially to deliver a payload referencing 'Hydrocodone/APAP 10-650' (the generic name and dosage of Vicodin, consistent with the author's handle).

Heuristics (1)

  • [critical] OLE_XLS_FORMULA_MACRO_VIRUS: Legacy Excel formula macro virus marker
    The Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project and no modern XLM macro-sheet structure is present. Practitioner check: a VBA-only extraction (e.g. dumping the VBA project) can come back empty for a formula-only virus, so confirm the verdict by inspecting the Workbook stream directly, both for BOUNDSHEET records of macro-sheet type and for the identifying strings.
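The following triage script is an added example for this report, not the analysis vendor's code. It walks the BIFF record stream as documented in [MS-XLS] (BOF 0x0809, EOF 0x000A, BOUNDSHEET 0x0085), lists every sheet with its type and hidden state so that Excel 4.0 macro sheets stand out, and falls back to scanning the stream for self-identifying strings, which is the check the heuristic above describes for samples with no macro-sheet structure. Assumptions: the marker strings are the ones named in this report's Malware Insights and serve only as illustration (a real scanner carries a curated list); `olefile` (pip install olefile) is needed only when pointing the script at a real file; the sample stream it runs on by default is constructed in the script, not taken from the analysed file.

```python
"""Triage a legacy Excel (BIFF) workbook for Excel 4.0 macro sheets and
self-identifying virus strings. Added example, not the vendor's code."""
import struct

BOF, EOF, BOUNDSHEET, WRITEACCESS = 0x0809, 0x000A, 0x0085, 0x005C
SHEET_TYPES = {0x00: "worksheet or dialog", 0x01: "Excel 4.0 macro sheet",
               0x02: "chart", 0x06: "VB module"}
HIDDEN_STATES = {0: "visible", 1: "hidden", 2: "very hidden"}
# Illustrative markers taken from this report's insights (assumption: they
# appear as ASCII or UTF-16LE somewhere in the Workbook stream).
MARKERS = [b"Classic.Poppy", b"VicodinES", b"Hydrocodone/APAP 10-650"]


def iter_records(stream):
    """Yield (type, data) for each BIFF record up to and including the first
    EOF, which closes the Globals substream where BOUNDSHEET records live."""
    pos = 0
    while pos + 4 <= len(stream):
        rtype, rlen = struct.unpack_from("<HH", stream, pos)
        data = stream[pos + 4:pos + 4 + rlen]
        if len(data) < rlen:          # truncated record: stop, do not guess
            break
        yield rtype, data
        pos += 4 + rlen
        if rtype == EOF:
            break


def parse_boundsheet(data, biff8):
    """BOUNDSHEET = lbPlyPos(4) hsState(1) dt(1) name. BIFF8 names are
    ShortXLUnicodeString (cch, flags, chars); BIFF5 names are cch + bytes."""
    _pos, hs_state, dt = struct.unpack_from("<IBB", data, 0)
    cch = data[6]
    if biff8:
        wide = data[7] & 0x01
        raw = data[8:8 + cch * (2 if wide else 1)]
        name = raw.decode("utf-16-le" if wide else "latin-1", "replace")
    else:
        name = data[7:7 + cch].decode("latin-1", "replace")
    return {"name": name, "type": dt,
            "type_desc": SHEET_TYPES.get(dt, "unknown 0x%02x" % dt),
            "hidden": HIDDEN_STATES.get(hs_state & 0x03, "unknown")}


def analyze_workbook_stream(stream):
    """Structural check (macro-sheet BOUNDSHEETs) plus the string fallback."""
    biff8, sheets = True, []
    for rtype, data in iter_records(stream):
        if rtype == BOF and len(data) >= 2:
            biff8 = struct.unpack_from("<H", data)[0] == 0x0600
        elif rtype == BOUNDSHEET and len(data) >= 8:
            sheets.append(parse_boundsheet(data, biff8))
    markers = [m.decode("ascii") for m in MARKERS
               if m in stream or m.decode("ascii").encode("utf-16-le") in stream]
    return {"biff8": biff8, "sheets": sheets,
            "macro_sheets": [s for s in sheets if s["type"] == 0x01],
            "markers": markers}


def is_suspicious(result):
    """Any Excel 4.0 macro sheet, or any known virus string, is worth a look."""
    return bool(result["macro_sheets"]) or bool(result["markers"])


def analyze_file(path):
    """Real files: read the Workbook (BIFF8) or Book (BIFF5) stream via olefile
    and record whether a VBA project storage exists at all."""
    import olefile
    ole = olefile.OleFileIO(path)
    try:
        name = "Workbook" if ole.exists("Workbook") else "Book"
        result = analyze_workbook_stream(ole.openstream(name).read())
        result["vba_project"] = ole.exists("_VBA_PROJECT_CUR/VBA")
    finally:
        ole.close()
    return result


def build_sample_stream():
    """Constructed BIFF8 Globals substream (sample input, not the real file):
    a visible worksheet, a very-hidden Excel 4.0 macro sheet, and a
    WRITEACCESS record whose user-name field carries a marker string."""
    def rec(rtype, data):
        return struct.pack("<HH", rtype, len(data)) + data

    def boundsheet(name, hs_state, dt):
        raw = name.encode("latin-1")
        return rec(BOUNDSHEET, struct.pack("<IBB", 0, hs_state, dt)
                   + bytes([len(raw), 0]) + raw)

    user = b"Classic.Poppy by VicodinES"
    writeaccess = struct.pack("<HB", len(user), 0) + user
    writeaccess += b" " * (112 - len(writeaccess))   # field is space-padded
    return b"".join([
        rec(BOF, struct.pack("<HH", 0x0600, 0x0005) + b"\x00" * 12),
        rec(WRITEACCESS, writeaccess),
        boundsheet("Sheet1", 0, 0x00),
        boundsheet("Macro1", 2, 0x01),
        rec(EOF, b""),
    ])


if __name__ == "__main__":
    import sys
    res = (analyze_file(sys.argv[1]) if len(sys.argv) > 1
           else analyze_workbook_stream(build_sample_stream()))
    for s in res["sheets"]:
        print("%-12s %-22s %s" % (s["name"], s["type_desc"], s["hidden"]))
    print("markers:", res["markers"], "suspicious:", is_suspicious(res))
```

Run it with no arguments to see the constructed sample flagged on both counts (a very-hidden macro sheet and two marker strings), or pass a path to a real .xls to triage it; a file that trips the string fallback while showing no macro sheet and no VBA project is exactly the case the heuristic above is written for.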