Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 44117ab87afeb972…

MALICIOUS

Office (OLE) / .EXE

Size: 51.5 KB
Created: 1998-08-24 23:10:00
Authoring application: Microsoft Excel
MD5: 759f18742bf54a0f25fc4f110b088773
SHA-1: 98c179c37f96a497626e687bca48835df1602824
SHA-256: 44117ab87afeb9726e9ddc32138c380f52a0a2ef4fbce9a496cfd818316ca7ba
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' fired, which strongly indicates the presence of the Laroux macro virus, a known type of malware that spreads via Excel macros. The 'auto_open', 'check_files', and 'OnSheetActivate' markers further support this identification. Although VBA extraction failed due to an unsupported format, the presence of the Laroux marker cluster is sufficient evidence of malicious intent.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster [critical] OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction [info] OFFICE_FORMAT_UNSUPPORTED
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.