Laroux — Office (OLE) / .EXE malware analysis

Static analysis result for SHA-256 5bd1668f1bcba381…

MALICIOUS

Office (OLE) / .EXE

Size: 700.5 KB
Created: 1998-07-28 00:26:21
Authoring application: Microsoft Excel
MD5: faeed839af2bf566a04f89e4c243a550
SHA-1: d27a22cd0821fd5b6537b48d358fd892b7af5999
SHA-256: 5bd1668f1bcba381d178cc0389511941e81f0a9898574d26df3f4ff42c9b99b6
Risk Score: 120

Malware Insights

Laroux · confidence 95%

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1547.001 Registry Run Keys / Startup Folder

The sample contains significant indicators of the Laroux macro virus, including specific marker strings and the presence of an Auto_Open macro. This type of malware is known to infect other Excel workbooks and attempt to establish persistence, likely through mechanisms like modifying the PERSONAL.XLS file or registry run keys.

Heuristics 3

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster · critical · OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Auto_Open macro · high · OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected · medium · OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (78b2f55b38949bfb8295736bfd2124d4e84704f4290c67d6c02576c9bab957e1)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 6933 bytes