Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 5d6925cc465e8eef…

MALICIOUS

Office (OLE)

25.5 KB
Created: 1980-01-05 19:10:02
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: ddbc6fad2a18139c03cdc871554fc547
SHA-1: d8279bc81c8d05deb87dbc3029d6db1ac46fd58d
SHA-256: 5d6925cc465e8eefd3d130799992a3bdd2be293c97a2711a9308582fe2da78b7
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The sample is an Excel 5 OLE file exhibiting characteristics of the Laroux macro-virus, including specific marker strings and detection as a dropper by ClamAV. The presence of macro-virus markers and the dropper classification strongly indicate that this file is intended to execute malicious code, likely through its embedded VBA macros.

Heuristics (2)

  • ClamAV: Win.Trojan.Laroux-67 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Laroux-67
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster | critical | OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.