Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 669e5e54a968f711…

MALICIOUS

Office (OLE)

34.5 KB Authoring application: Microsoft Excel First seen: 2012-06-14
MD5: 2b0c6767fba31eda216674bf55ea20ee SHA-1: 6639b331c8fe2853c8448c02f19a24e43364f123 SHA-256: 669e5e54a968f711bff8c0dc5c8c1863482537adf60e719b3eac363904485ead
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel 5 macro-virus, specifically a variant of Laroux. The presence of macro markers like 'auto_open' and 'OnSheetActivate' indicates that the macro is designed to execute automatically upon opening the document. While no specific IOCs were extracted, the macro's presence strongly suggests malicious intent.

Heuristics 2

  • ClamAV: Win.Trojan.Laroux-66 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Laroux-66
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.