Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 6f351e7555fac2aa…

MALICIOUS

Office (OLE)

Size: 16.5 KB
Created: 1999-09-08 05:49:21
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: 0401d37d389b227b21e17a39ab5034cc
SHA-1: cd0829c752879c32741ef7ae69b057fbf3708aaa
SHA-256: 6f351e7555fac2aab0f1ce88e94e244d28ded13cbb9dc8c774647d87b4f8ff9d
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified as a malicious Excel 5 macro virus of the Laroux family, based on the heuristics that fired. Markers such as 'laroux', 'auto_open', and 'OnSheetActivate' strongly indicate that embedded VBA macros execute. No specific IOCs such as URLs or hashes were extracted, but the nature of this legacy malware suggests it aims to spread or execute further malicious actions.

Heuristics (2)

  • ClamAV: Legacy.Trojan.Agent-475 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Legacy.Trojan.Agent-475
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster [critical] [OLE_XLS5_LAROUX_MACRO_VIRUS]
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.