Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 f60a328eb5f92b8b…

MALICIOUS

Office (OLE) / .XLS

116.5 KB Created: 2008-04-10 04:23:07 Authoring application: Microsoft Excel
MD5: b0b829be019e1aef955c025733fe6709 SHA-1: 0020ff18f18834ccd2098f0fa391c911c625851a SHA-256: f60a328eb5f92b8b8b2e1222bd103fcfc0c8b75670dd888685bea0e15c46c678
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' directly identifies this file as a legacy Excel Formula Macro Virus, specifically 'Poppy' or 'XF.Classic'. The document body contains strings related to this virus, including its name, authoring group 'The Narkotic Network', and its self-propagation path to 'C:\Program Files\Microsoft Office\OFFICE11\xlstart\Book1.xls'. This indicates the file's primary purpose is to infect other Excel workbooks.

Heuristics 1

  • Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.