Office (OLE) / .VXE malware analysis — malicious · fe5c3f25f727b1cd

MALICIOUS

Office (OLE) / .VXE

326.0 KB Created: 2004-09-28 09:08:01 Authoring application: Microsoft Excel

MD5: 12968072c536e93f700d351521c31f81 SHA-1: 11d343c5782c0c3e591b7f109a2949f0c55c819f SHA-256: fe5c3f25f727b1cd9c99570657ae8a4bf02bdf05d5784b0febe9715f005b8e8e

60 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The file is identified as a legacy Excel formula macro virus, specifically 'XL4Poppy' or 'Classic.Poppy'. The embedded script content explicitly mentions infecting other workbooks and saving them as 'Book1.xls' in the 'xlstart' directory, indicating a self-propagation mechanism. The virus also contains strings related to 'Hydrocodone/APAP 10-650' and 'The Narkotic Network', suggesting a potential connection to illicit activities or information theft.

Heuristics 1

Legacy Excel formula macro virus marker critical OLE_XLS_FORMULA_MACRO_VIRUS

Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.

Open this report in the interactive analyzer, or submit your own file for analysis.