Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 ece29f787336080f…

MALICIOUS

Office (OLE) / .XLS

Size: 3.61 MB
Created: 2009-11-16 10:22:13
Authoring application: Microsoft Excel

MD5: 18ffe92e7c163c77fd9793c77058319b
SHA-1: d7c6e6c49c30863fc5b5e9b9f22c435e4b416a59
SHA-256: ece29f787336080f301771800543b39ba1b3f24547c4fbbcfa2cc65ff8c4b81d

Risk Score: 80

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is an Excel spreadsheet containing a list of building automation components. It triggers critical heuristics for legacy Excel formula macro viruses, specifically matching the markers for 'Poppy by VicodinES' and 'Narkotic Network'. This suggests the file is designed to deliver a malicious payload, most likely through embedded XLM macros, with the spreadsheet content serving as a social engineering lure.

Heuristics (2)

  • Legacy Excel formula macro virus marker [critical] OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
  • Excel 4.0 (XLM) macro sheet present [medium] OLE_XLM_AUTOOPEN
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.