Office (OLE) / .EXE malware analysis — malicious · 7a4e1b6cfc364e8d

MALICIOUS

Office (OLE) / .EXE

263.5 KB Created: 1999-04-19 05:43:04 Authoring application: Microsoft Excel

MD5: 25a73462d8611b5dee0725814cf972f0 SHA-1: 50260a1b5b8a7f461da018765c7cb127df38ca86 SHA-256: 7a4e1b6cfc364e8d61e4349a4c33f90988f3682fc1723caed36f0baaef06e83c

180 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is an OLE executable containing VBA macros, specifically an Auto_Open macro, which is a common technique for initial execution. ClamAV identifies this as Xls.Trojan.Laroux-31. The document body presents financial data, suggesting a lure to encourage macro execution. The Auto_Open macro likely initiates the malicious payload, although the specific actions are not detailed in the provided evidence.

Heuristics 4

ClamAV: Xls.Trojan.Laroux-31 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Laroux-31
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `82965028d241fe510521aac82100c57555731bb23fa3d130f429ad193b6ee009`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	2198 bytes
Detection ClamAV: Xls.Trojan.Laroux-31 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.