Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 05923a992fd41542…

MALICIOUS

Office (OLE)

16.5 KB Created: 1998-09-23 02:11:45 Authoring application: Microsoft Excel First seen: 2012-06-14
MD5: 792b43ef8c8213a1e7215d7535b88a29 SHA-1: f514ea7442e265b5f9df147c3f22c7e38516b419 SHA-256: 05923a992fd4154218e219ac7cab9f4c07b5f18c2ea1b71f5f3c8f55a8dd4739
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified as a malicious Excel 5 macro virus (Laroux) based on critical heuristic firings. The presence of macro virus markers like 'laroux', 'auto_open', and 'PERSONAL.XLS' strongly indicates its nature. This type of malware typically spreads via macros and executes arbitrary code, often leading to further compromise.

Heuristics 2

  • ClamAV: Legacy.Trojan.Agent-484 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Legacy.Trojan.Agent-484
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.

Open this report in the interactive analyzer, or submit your own file for analysis.