Win.Trojan.Spellcheck-1 — Office (OLE) malware analysis

Static analysis result for SHA-256 158524e06365391a…

MALICIOUS

Office (OLE)

Size: 22.0 KB · Created: 1998-09-29 12:48:43 · First seen: 2012-06-14
MD5: f9e93ce833cd7982666a802f94d0512e
SHA-1: d659f101d5647bcdcf59d986ddcc7f60620a4b4c
SHA-256: 158524e06365391a27204306cfdf12844c7d131ca184da9dac4ea90831057b28
Risk Score: 120

Malware Insights

Win.Trojan.Spellcheck-1 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The OLE_XLS5_LAROUX_MACRO_VIRUS heuristic fired, which strongly indicates that the file is an Excel 5 macro virus, likely belonging to the Laroux family. ClamAV also identifies it as Win.Trojan.Spellcheck-1. The macro is designed to execute automatically when the workbook is opened.

Heuristics (2)

  • ClamAV: Win.Trojan.Spellcheck-1 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Spellcheck-1
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (critical, OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.