Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 79bfa0db97ae8327…

MALICIOUS

Office (OLE)

File size: 41.0 KB
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: f2e98fde74c95cad414cea47ad177814
SHA-1: ebffd63f8c7bfd6683c4468e0b188049942cd4f8
SHA-256: 79bfa0db97ae83271910fbc566b34fa31e789b9f89ffe031b36981ba05a04268
Risk Score: 60

Malware Insights

MITRE ATT&CK: T1059.005 (Command and Scripting Interpreter: Visual Basic)

The sample is an Excel workbook exhibiting characteristics of the Laroux macro-virus. The presence of specific macro markers such as 'laroux', 'auto_open', and 'OnSheetActivate' strongly indicates malicious Visual Basic for Applications (VBA) code that runs automatically when the workbook is opened. While no URLs or payloads were extracted, the heuristic firings are sufficient to classify this as a macro-based threat.

Heuristics (1)

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster
    Severity: critical
    Rule ID: OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster, including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.