Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 35158f93513b9ceb…

MALICIOUS

Office (OLE)

Size: 16.5 KB
Created: 1998-09-23 02:11:45
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: 47644fca8939545436dc25fac24bbdff
SHA-1: 4fa64a1c17e540ce630354e3cf042bc2c88f3f8e
SHA-256: 35158f93513b9ceb02871c9ecac0bab9077c6c8780d1ee953d9da1a1c38e1800
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file contains markers indicative of the Excel 5 Laroux macro virus, a legacy threat. This virus is known to execute arbitrary code embedded within Excel macros, often for malicious purposes. No specific IOCs were extracted, but the presence of the Laroux marker strongly suggests malicious intent.

Heuristics (2)

  • ClamAV: Legacy.Trojan.Agent-486 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Legacy.Trojan.Agent-486
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster | critical | OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.