Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 027a98c271c6df3d…

MALICIOUS

Office (OLE)

Size: 190.0 KB
Created: 2000-02-29 04:47:49
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: 82c81de5eb01461a14ea5f0beaa8d9b1
SHA-1: d81555772b7a65bfbc81d09557203225e418118a
SHA-256: 027a98c271c6df3d2cbb77610852d9507b30954635cecd8473eef4b1a6be30cd
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file contains markers indicative of the Laroux macro virus, a known type of malware that often uses VBA macros to execute malicious actions. The document body, though heavily obfuscated and in Korean, appears to contain text related to personal information and actions, suggesting a social engineering lure. The presence of macro-related terms like 'auto_open' and 'SaveAs' further supports the macro-based execution vector.

Heuristics 1

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (critical; OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.