Office (OLE) / .XLS malware analysis — malicious · facb3e18eeae7b3e

MALICIOUS

Office (OLE) / .XLS

1.06 MB Created: 1996-03-19 00:03:47 Authoring application: Microsoft Excel

MD5: 7e74d6f6f90d881a5348642dad5d44eb SHA-1: 0485598635b98bf2ca4a862dac32dd16ed68be5b SHA-256: facb3e18eeae7b3eb42940bfb7b8b58c8aa950d6c8c0979d5e86bcb7d19a2561

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The critical heuristic firing indicates this is a legacy Excel 4.0 macro virus, identified by markers such as 'Excel Formula Macro Virus', 'XF.Classic', 'Poppy by VicodinES', and 'Narkotic Network'. These markers suggest the file is designed to execute malicious code through Excel's formula capabilities, a common technique for older macro viruses. The document body contains what appears to be Vietnamese text related to road construction or infrastructure, which may serve as a lure or be unrelated to the malicious functionality.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.