MALICIOUS
60
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' indicates this Excel file contains a legacy macro virus. The document body contains references to 'Poppy by VicodinES' and 'XF.Classic', which are known indicators of this type of malware. The presence of paths like 'C:\Documents and Settings\Administrator\Application Data\Microsoft\Excel\XLSTART\Book1.' suggests an attempt to establish persistence or load malicious content upon Excel startup.
Heuristics 1
-
Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUSWorkbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.
Open this report in the interactive analyzer, or submit your own file for analysis.