Laroux — Office (OLE) malware analysis

Static analysis result for SHA-256 5ebce0e6865293e4…

MALICIOUS

Office (OLE)

Size: 23.0 KB
Created: 1980-01-05 19:36:13
Authoring application: Microsoft Excel
First seen: 2012-06-14

MD5: 6dbe774bab66b43331196c8a668ed468
SHA-1: b6f053dda903b9e2cd1acc27f833af6396010f56
SHA-256: 5ebce0e6865293e4e5a39c80260679c7180a01784f54fc7e2533fa131e66eb2a

Risk Score: 60

Malware Insights

Laroux · confidence 85%

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic OLE_XLS5_LAROUX_MACRO_VIRUS fired, which strongly indicates that this Excel file carries the Laroux macro virus. Markers such as 'laroux', 'auto_open', and 'PERSONAL.XLS' suggest the malware's intent to spread and potentially infect other Excel workbooks. No specific IOCs such as URLs or hashes were extracted, but confidence in the family attribution is high.

Heuristics 1

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (severity: critical, rule: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.