Laroux — Office (OLE) / .EXE malware analysis

Static analysis result for SHA-256 89d7bcbe74fb9e72…

MALICIOUS

Office (OLE) / .EXE

File size: 39.5 KB
Created: 1998-03-20 12:58:55
Authoring application: Microsoft Excel
MD5: 78ba2f1e2695c3462dca12c87d73b413
SHA-1: d3296e7e72a532e43be5a167127d76cce75c5d39
SHA-256: 89d7bcbe74fb9e7270e12340a5b8c1ccfbbf9300446d3bc9c87db875f509333c
Risk Score: 62

Malware Insights

Laroux · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' fired, which strongly indicates the presence of the Laroux macro virus. The 'laroux' and 'auto_open' markers in the heuristic details support this identification, and the DOC BODY content also contains 'Laroux-am', reinforcing the family identification. Although VBA extraction failed, the heuristic itself is sufficient for attribution. This family is known for infecting other Excel files.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster (severity: critical, ID: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction (severity: info, ID: OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.