Office (OLE) / .XLK malware analysis — malicious · fd718005938c2b50

MALICIOUS

Office (OLE) / .XLK

357.5 KB Created: 2004-01-05 13:44:13 Authoring application: Microsoft Excel

MD5: ef6db4f977c9fc9878c4e4e3ceb6f7c2 SHA-1: 7266bbdef4b120cb8b7a8cd6a1b81e07dc5f650d SHA-256: fd718005938c2b504184f46492a53c0669254040666d7e727b811322ffe85bde

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The file is identified as a legacy Excel formula macro virus, specifically 'Classic.Poppy by VicodinES' and 'XF.Classic', associated with 'The Narkotic Network 1998'. The document body, presented as a product list, likely serves as a lure to encourage the user to interact with the malicious content embedded within the Excel file. The presence of the 'OLE_XLS_FORMULA_MACRO_VIRUS' heuristic firing strongly indicates the malicious nature and the attack vector.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.