XF.Classic — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 f6d23d962beba94b…

MALICIOUS

Office (OLE) / .XLS

Size: 31.5 KB
Created: 2001-12-30 10:25:43
Authoring application: Microsoft Excel
MD5: 19f224d809e558dd85a7f6bd1b32dd8b
SHA-1: 86637f67fd9e92461014a19f897490f77ff344e6
SHA-256: f6d23d962beba94b3d13d42fecd40406a4d70cc30e73af33fdb01ef8dcf0ab89
Risk Score: 60

Malware Insights

XF.Classic · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The sample is identified as a legacy Excel formula macro virus, specifically 'XF.Classic', also known as 'Poppy by VicodinES'. The embedded text indicates that it is designed to infect other workbooks, saving them as 'Book1.xls' in the Excel startup directory. It also displays a deceptive message related to medication, likely as a lure.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.