Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 e9f71c89a6a2ce05…

MALICIOUS

Office (OLE)

2.18 MB Created: 2009-08-24 04:39:39 Authoring application: Microsoft Excel
MD5: ed67036ee8244b447e644ca444aaf6df SHA-1: 3750aa6d5f2db5f368f8ed7f54adee20e0cfae0b SHA-256: e9f71c89a6a2ce054bcc4f1600451b654baf902efa73ec42cfaff3e22828a3e6
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic firing indicates this is a legacy Excel formula macro virus, specifically identified as 'XF.Classic' and associated with 'Poppy by VicodinES' and 'The Narkotic Network'. The document body contains strings related to macro infection and payload delivery, including the path 'C:\Program Files\Microsoft Office\OFFICE11\xlstart\Book1.xls' which suggests an attempt to infect the user's startup directory. The macro's intent appears to be self-propagation and potential payload execution.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.