Malicious Office (OLE) / .XL — malware analysis report

Static analysis result for SHA-256 ebb4f91258ffee92…

MALICIOUS

Office (OLE) / .XL

Size: 47.0 KB
Created: 2001-09-18 01:04:40
Authoring application: Microsoft Excel
MD5: 2266c953f6475a7582e39a583b37b877
SHA-1: aa425e843066160027340804ec1958352b8be4f3
SHA-256: ebb4f91258ffee9236715473e0fede240b5d13e587e637b0e2a1fcfc310a6f9c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is identified as a legacy Excel formula macro virus, specifically 'Poppy' by VicodinES, also known as XF.Classic. The embedded text and script markers indicate that this virus infects other Excel workbooks, saving them as 'Book1.xls' in the Excel startup directory. The virus's payload is described as 'Hydrocodone/APAP 10-650 For Your Computer', suggesting a potential for information theft or system compromise.

Heuristics 1

  • Legacy Excel formula macro virus marker (severity: critical, OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.