Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 10aff6dc272929da…

MALICIOUS

Office (OLE)

Size: 17.5 KB
Created: 1980-01-07 20:47:12
Authoring application: Microsoft Excel
First seen: 2015-09-22
MD5: 6bf839cff600fbb2c867de3b08b05194
SHA-1: 907beb3c36e732ab0530f6e0134c6ed264972c7b
SHA-256: 10aff6dc272929da1f4773d687718e99083a6ecbdf24655687c92395ddee205c
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic OLE_XLS5_LAROUX_MACRO_VIRUS fired, indicating the presence of the Laroux macro virus within this Excel file. This family is known for its ability to spread and execute malicious actions, often involving VBA macros. The document body contains garbled text and a 'Baaaaahhhhhhhhh!' message, which are typical of older macro viruses attempting to obfuscate their presence or display a nonsensical message.

Heuristics (1)

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (severity: critical, rule: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.