Win.Trojan.Laroux-73 — Office (OLE) malware analysis

Static analysis result for SHA-256 4855cf4638ade00e…

MALICIOUS

Office (OLE)

File size: 44.0 KB
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: 846460565418f83ad610da5f4eaf65a1
SHA-1: 3302b56a4d1e946c14761c72821b52b97ea794fc
SHA-256: 4855cf4638ade00ecc6e7d556617ce80acf6ccc68ea1936f79c67d851e492e86
Risk Score: 120

Malware Insights

Win.Trojan.Laroux-73 · confidence 95%

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is identified as a malicious Excel 5 macro-virus, specifically Win.Trojan.Laroux-73. The presence of macro-related heuristics like 'laroux', 'auto_open', and 'OnSheetActivate' strongly indicates that the document contains malicious VBA code designed to execute automatically. The document body, though partially garbled, suggests a financial context, likely a lure to trick users into enabling macros.

Heuristics (2)

  • ClamAV: Win.Trojan.Laroux-73 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Win.Trojan.Laroux-73
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster [critical] [OLE_XLS5_LAROUX_MACRO_VIRUS]
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.