Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 59e560731e7f17e2…

MALICIOUS

Office (OLE)

33.0 KB Authoring application: Microsoft Excel First seen: 2012-06-14
MD5: 047ad162fa0e87092aeaa29c52e2e41a SHA-1: e63130f04719510b13fe09db9eb1354592a9d920 SHA-256: 59e560731e7f17e2002d0ce25c1848f2e8b8dfc1a4aa0f32e4bbf938b48e0914
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a legacy Excel 5 macro virus (Laroux) by multiple heuristics. The presence of macro markers like 'auto_open' and 'OnSheetActivate' strongly suggests that malicious VBA code is embedded within the workbook. This code is likely designed to execute automatically, leading to further malicious activity.

Heuristics 2

  • ClamAV: Legacy.Trojan.Agent-485 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Legacy.Trojan.Agent-485
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.

Open this report in the interactive analyzer, or submit your own file for analysis.