Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 37cd583faaf077e2…

MALICIOUS

Office (OLE) / .XLS

Size: 251.5 KB
Created: 1998-12-14 03:49:47
Authoring application: Microsoft Excel
MD5: fffe1f640f70dabbca49142c2c9e993b
SHA-1: d2aa422463ad8a99ac9723257db8d3e5fa6695a9
SHA-256: 37cd583faaf077e2775f753c9b79866cda6f7064be9c9d2e25332eb115f79ab2
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is an Excel 5 spreadsheet containing markers associated with the Laroux macro virus. While VBA macros could not be extracted due to an unsupported format, the presence of these markers and embedded URLs suggests malicious intent. The document body text appears to be a support contact flow, potentially a lure for social engineering or phishing.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster (critical; OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction (info; OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas (26ae2b120c8c47fa994d45e556e00d0cea289602ed24e3252e48d375d76997f3)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1054 bytes