Laroux — Office (OLE) malware analysis

Static analysis result for SHA-256 6d2556aa358a1ec9…

MALICIOUS

Office (OLE)

174.0 KB
Created: 1999-02-23 15:34:38
Authoring application: Microsoft Excel
MD5: e5c551e51d81d0bd7af44af021fb0f9d
SHA-1: 8257bcdafa3b62f8a83f66231baccc6132fad073
SHA-256: 6d2556aa358a1ec9948ce9ea211ed18325dd634213f762cf3ffbe36131fa898b
Risk Score: 120

Malware Insights

Laroux · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel file containing VBA macros, specifically identified as the Laroux macro virus by heuristic analysis. The presence of an 'auto_open' subroutine strongly suggests that the macro executes automatically when the document is opened, a common technique for malware deployment. While no specific malicious payload or network activity was directly observed in the provided evidence, the identification of a known macro virus family points to a high likelihood of malicious intent.

Heuristics 3

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (critical, OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Auto_Open macro (high, OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
20466521d27d759ff48a8c8d830a74edb28b3849872b3f27744ddcd719ebd0c3
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 311 bytes