Laroux — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 776fe74da3f706f7…

MALICIOUS

Office (OLE) / .XLS

75.5 KB
Created: 1998-05-15 14:03:09
Authoring application: Microsoft Excel
MD5: 5a4bda7b1502845d6abfc665038c8878
SHA-1: 8f19f4bdce2d8a21b6684da7398c5ece6c0e81be
SHA-256: 776fe74da3f706f7735568a8887bf5397c7706693ebebaec1c1259118fb833c9
120 Risk Score

Malware Insights

Laroux · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel 5 XLS document containing VBA macros. Heuristics indicate the presence of the 'Laroux' macro virus, which is known to execute an Auto_Open subroutine when the spreadsheet is opened. No specific IOCs were extracted, but the presence of this known macro virus family is highly indicative of malicious intent.

Heuristics 3

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (severity: critical, rule: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Auto_Open macro (severity: high, rule: OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (fd1c99af5d179caef5f4a19a269254bc805416fe34d9d0a53c597aaf58a76521) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 1880 bytes