Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 7d4230444e694f71…

MALICIOUS

Office (OLE) / .EXE

237.5 KB Created: 1999-02-08 09:24:15 Authoring application: Microsoft Excel First seen: 2026-05-10
MD5: 1f47783c84e375530257f95a9f99f266 SHA-1: c65687a8d834d41650bde7031cbb14962a0ab862 SHA-256: 7d4230444e694f7146c069d4d473b189077f2806f3c1e522e5406282ec6baee4
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing for OLE_XLS5_LAROUX_MACRO_VIRUS indicates this is a known Excel macro virus. The presence of 'laroux', 'auto_open', and 'OnSheetActivate' markers strongly suggests malicious VBA code designed to execute automatically. No specific IOCs were extracted, but the family is likely a variant of the Laroux macro virus.

Heuristics 1

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.