Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 0b10895110748af0…

MALICIOUS

Office (OLE) / .EXE

Size: 30.0 KB
Created: 1999-09-08 05:49:21
Authoring application: Microsoft Excel
MD5: f8165c781d63b085186a523b88153ad1
SHA-1: 19823103c8c78a1d74c2104d2bb47fa47558b533
SHA-256: 0b10895110748af014b3469da9f00f42003b4805f5e63f8de2567d5d0af61e3e
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1547.001 Registry Run Keys / Startup Folder

The critical heuristic firing for OLE_XLS5_LAROUX_MACRO_VIRUS, along with the presence of an Auto_Open VBA macro, strongly indicates a macro-based threat. The script attempts to modify Excel's startup path and menu items, suggesting an effort to achieve persistence. The specific mention of 'PERSONAL.XLS' and the manipulation of menu items are characteristic of older macro viruses like Laroux.

Heuristics 3

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (severity: critical, rule: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Auto_Open macro (severity: high, rule: OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (22500901a720a2bb4b3397f6b8cefd6551a87e73b168cf2a45c503aa9c66ad1e)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 3361 bytes