Win.Trojan.Laroux-56 — Office (OLE) malware analysis

Static analysis result for SHA-256 3add9b815875587d…

MALICIOUS

Office (OLE)

File size: 36.5 KB
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: 20976b7392fefc0153dfeeb3504f6fdf
SHA-1: 62b351310afb66b105d2632df763dcdc74a2daf8
SHA-256: 3add9b815875587d1126c167d8bf415a59b4e06709e2f919d4b6b8c8c68e8ff8
Risk Score: 120

Malware Insights

Win.Trojan.Laroux-56 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel 5 macro-virus, specifically Win.Trojan.Laroux-56. The presence of 'laroux' and other macro-related markers strongly indicates malicious VBA code designed to execute within Excel. The document body contains garbled text, suggesting potential obfuscation or corruption, but the core finding is the macro virus.

Heuristics 2

  • ClamAV: Win.Trojan.Laroux-56 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Win.Trojan.Laroux-56
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster [critical] [OLE_XLS5_LAROUX_MACRO_VIRUS]
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.