Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 2d0d3399f1c8a757…

MALICIOUS

Office (OLE) / .XLS

Size: 156.5 KB
Created: 1996-10-16 13:58:36
Authoring application: Microsoft Excel
MD5: a9ad49db17bc83a0e930898ea9ebedc9
SHA-1: 796de959dfd11983cd4fb9f759f28dfc55206582
SHA-256: 2d0d3399f1c8a7576ae2a3c7d5c32c59f710bb93de46d765571599ec3a6dd4d6
Risk score: 62

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' indicates the presence of the Laroux macro virus, a known threat. The document body, while heavily garbled, contains financial terms and table headers suggesting a lure related to financial transactions. No VBA macros could be extracted due to an unsupported format, limiting further analysis of script behavior. The presence of the Laroux marker cluster is the primary indicator of malicious intent.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster (severity: critical, id: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains the Laroux macro-virus marker cluster, including the hidden laroux module, the auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction (severity: info, id: OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. The file is likely a legacy, encrypted, or malformed OLE/OOXML document, and re-scanning the same bytes will yield the same outcome.