Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 2e6ea8593ec1a6db…

MALICIOUS

Office (OLE)

33.0 KB Authoring application: Microsoft Excel First seen: 2012-06-14
MD5: 7a59da74e82548687298470f445fc874 SHA-1: 09346e953cb3a47554cbcdcc87725179fb876879 SHA-256: 2e6ea8593ec1a6dbafa5280388467fbddbbea6b4e1507c1d30155955a88353e4
120 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The file is identified as a malicious Excel 5 macro-virus, specifically the Laroux family, by static analysis heuristics. The presence of macro markers like 'auto_open' and 'OnSheetActivate' indicates that the embedded VBA code is designed to execute automatically upon opening the spreadsheet. The document body, though partially corrupted, suggests a financial context, likely a lure to trick users into enabling macros.

Heuristics 2

  • ClamAV: Legacy.Trojan.Agent-490 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Legacy.Trojan.Agent-490
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.

Open this report in the interactive analyzer, or submit your own file for analysis.