Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 fd0c06b8f8347961…

MALICIOUS

Office (OLE)

Size: 19.5 KB
Created: 2009-03-25 07:32:35
Authoring application: Microsoft Excel
MD5: f54066b6c0e4d3ca3a879bb512e11d9e
SHA-1: e2e5ec3fb53326f3c0b808f479e01864e7d1986e
SHA-256: fd0c06b8f83479610233a041276e5da53d18b5cff6c55b219dc200ec09d3b2d3
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The file is identified as a malicious Excel 4.0 macro virus, specifically 'XF.Classic' by VicodinES, also known as 'Poppy'. The document body contains the self-identifying strings 'Classic.Poppy by VicodinES' and 'The Narkotic Network 1998', which point to a historical macro virus. The embedded text also includes paths and filenames related to Excel startup, indicating an attempt to infect new workbooks.

Heuristics (1)

  • Legacy Excel formula macro virus marker (severity: critical, rule: OLE_XLS_FORMULA_MACRO_VIRUS)
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.