Office (OLE) / .EXE malware analysis — malicious · 3966f857545cfb9c

MALICIOUS

Office (OLE) / .EXE

54.5 KB Created: 1999-02-08 09:24:15 Authoring application: Microsoft Excel

MD5: 0eec6d7ebc146bd251a80143a3cf8c1e SHA-1: 9ef218979982bcdc6cabd5e5f2b87e8e765c2f24 SHA-256: 3966f857545cfb9c08328aa434727d09c5c13e50a3884e4475e8e65bfdfe212e

62 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The sample is an Excel file exhibiting characteristics of the Laroux macro virus, identified by specific marker strings within its structure. Although VBA macros could not be extracted due to an unsupported format, the presence of these markers strongly suggests malicious intent. The file's content appears to be corrupted or obfuscated, further supporting its suspicious nature.

Heuristics 2

Excel 5 Laroux macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS

Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
Unsupported Office format for VBA extraction info OFFICE_FORMAT_UNSUPPORTED

olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.

Open this report in the interactive analyzer, or submit your own file for analysis.