Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 f672325aa8f4d2e9…

MALICIOUS

Office (OLE)

Size: 451.5 KB
Created: 2007-06-20 22:57:23
Authoring application: Microsoft Excel
First seen: 2015-09-24
MD5: 69e54c336a38a1e468e1f4b0ecb41450
SHA-1: 2a0d9797a85282a01ba29671e0edce7e0850e7c0
SHA-256: f672325aa8f4d2e9ecdbc1d94318cec7887e422f63cdea815108fe26065fa016
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS_FORMULA_MACRO_VIRUS' fired, and strings such as 'Classic.Poppy by VicodinES' and 'The Narkotic Network 1998' are present; together these indicate a legacy Excel formula macro virus. The document body contains references to infecting other workbooks and saving them as 'Book1.xls' in specific startup directories, suggesting an attempt to spread and potentially execute further malicious code.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, ID: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.