Office (OLE) / .XLS malware analysis — malicious · f57bdbe30285b69b

MALICIOUS

Office (OLE) / .XLS

68.5 KB Created: 2007-10-26 01:02:34 Authoring application: Microsoft Excel

MD5: c8626461b01c2c4b6f82b53d3252ce93 SHA-1: 4e29ce7ec4e4ab9e9c94fd14108fd5bf771c08d8 SHA-256: f57bdbe30285b69b3f63daa7c17e95f6dacaace30930a1a805e2c31fc9ff2306

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The file is an Excel spreadsheet containing what appears to be a financial report. A critical heuristic firing indicates it is a legacy Excel formula macro virus, commonly known as Poppy or XF.Classic. This suggests the file is designed to execute malicious code via Excel formulas, likely to download and execute a second-stage payload.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.