Win.Trojan.Laroux-47 — Office (OLE) malware analysis

Static analysis result for SHA-256 836f8ce78e7064bc…

MALICIOUS

Office (OLE)

Size: 13.5 KB
Created: 1999-09-08 05:49:21
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: 4c85dc2bba33bfdecf637dfa2178266f
SHA-1: 8182306e83cad400d440d33aecb69b7c3b7df5e5
SHA-256: 836f8ce78e7064bceb7514bc1f6bb11de52cbb87a2760a74db15c7df488e8a47
Risk Score: 120

Malware Insights

Win.Trojan.Laroux-47 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel 5 macro virus, specifically Win.Trojan.Laroux-47, by multiple heuristics. The presence of numerous macro-related markers like 'auto_open' and 'OnSheetActivate' indicates that the sample is designed to execute malicious VBA code upon opening or interaction within Excel. This type of malware typically aims to spread itself or download additional payloads.

Heuristics (2)

  • ClamAV: Win.Trojan.Laroux-47 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Laroux-47
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (critical, OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.