XF.Classic — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 f2e24fef1aedad3a…

Verdict: MALICIOUS

File type: Office (OLE) / .XLS
Size: 794.0 KB
Created: 2006-12-13 08:17:38
Authoring application: Microsoft Excel
MD5: 709f95b1423740b35a45dc69983704fb
SHA-1: 8de6e8572a9fbb0ec60876678e96dfa5ac64e237
SHA-256: f2e24fef1aedad3a018b0a1dc94780cf48d11141148901850b2272017ff69453
Risk Score: 60

Malware Insights

XF.Classic · confidence 95%

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly identifies this file as a legacy Excel formula macro virus, specifically mentioning 'XF.Classic' and 'Poppy by VicodinES'. The embedded text confirms this, detailing the virus's intent to infect other workbooks and save them as 'Book1.xls'. The virus appears to be part of 'The Narkotic Network' from 1998.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical; rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.