Office (OLE) / .EXE malware analysis — malicious · 4933fec2c7e6f19a

MALICIOUS

Office (OLE) / .EXE

33.5 KB Created: 1995-08-04 21:06:38 Authoring application: Microsoft Excel

MD5: 0133b2607a9aba73c1e1e1b27a9de708 SHA-1: fe05f3b2f33c13cd2c0101557ce4aea9e7e96912 SHA-256: 4933fec2c7e6f19a3fff64ea8bce2a23cf9be4cfabe228b406b42f03d3e9cbda

180 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The file is an Excel OLE executable containing VBA macros, specifically an Auto_Open macro, which is a common technique for initial execution. ClamAV signatures indicate it is a known trojan (Xls.Trojan.Laroux-28). No specific IOCs were extracted beyond the presence of the macro itself.

Heuristics 4

ClamAV: Xls.Trojan.Laroux-28 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Laroux-28
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `e32a1c166ee861c1e5cbfabfd598293a72f3a197baa246222d688bfb645c2943`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	2270 bytes
Detection ClamAV: Xls.Trojan.Laroux-28 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.