Legacy.Trojan.Agent-470 — Office (OLE) malware analysis

Static analysis result for SHA-256 3ec073ccf6b69c5d…

MALICIOUS

Office (OLE)

Size: 24.5 KB
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: f02c06b5d7639faf8b517d472d38af04
SHA-1: b9990ce2bb54903fde47c8922a6953c8168d7118
SHA-256: 3ec073ccf6b69c5d84b2a01d1aef4d3fe9da9b507042ae00f5aa7148da8fac7e
Risk Score: 120

Malware Insights

Legacy.Trojan.Agent-470 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file contains markers indicative of the Excel 5 Laroux macro-virus, specifically referencing auto_open and PERSONAL.XLS. ClamAV also identifies it as Legacy.Trojan.Agent-470. The presence of these indicators strongly suggests a malicious macro-based execution.

Heuristics (2)

  • ClamAV: Legacy.Trojan.Agent-470 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Legacy.Trojan.Agent-470
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster [critical] [OLE_XLS5_LAROUX_MACRO_VIRUS]
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.