Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 0a35004e84a9a27c…

MALICIOUS

Office (OLE)

17.0 KB Created: 1998-09-23 02:11:45 Authoring application: Microsoft Excel First seen: 2012-06-14
MD5: f664f4bdafbf0bf6de3f80ba91736fbb SHA-1: 3049b3ca77a4ae5981750c6e181bd9547f8dce5b SHA-256: 0a35004e84a9a27c91ea068915c71161f79432febfe30835cce06204a35302d5
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file contains markers indicative of the legacy Excel 5 Laroux macro virus, including 'laroux', 'auto_open', and 'PERSONAL.XLS'. This type of malware typically executes malicious VBA code upon opening the document. The presence of these markers strongly suggests a malicious intent, likely to download and execute further payloads.

Heuristics 2

  • ClamAV: Legacy.Trojan.Agent-481 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Legacy.Trojan.Agent-481
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.