Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 f013bc4f5a0ff3b8…

MALICIOUS

Office (OLE)

Size: 377.0 KB
Created: 2006-09-28 03:35:48
Authoring application: Microsoft Excel
First seen: 2015-10-01
MD5: c0375e14370314d3acac36e4342d8810
SHA-1: cb09d108c12971c0c63777069a40925a206de7e5
SHA-256: f013bc4f5a0ff3b8c43e951b169448c59884f9eea5651d333d057a91fff40163
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates this Excel file contains a legacy macro virus. The document body contains references to 'Poppy by VicodinES' and 'XF.Classic', which are known indicators of this type of malware. The presence of paths like 'C:\Documents and Settings\Administrator\Application Data\Microsoft\Excel\XLSTART\Book1.' suggests an attempt to establish persistence or load malicious content upon Excel startup.

Heuristics (1)

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.