Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 8ba38cbf9e717274…

MALICIOUS

Office (OLE) / .EXE

Size: 79.5 KB
Created: 1980-01-04 07:03:21
Authoring application: Microsoft Excel
MD5: 688f8dceee20474a22f3b689b1fff8db
SHA-1: f01ac453ebfb896e403759b4102eada8f4a65f9b
SHA-256: 8ba38cbf9e71727475d0c9984494c03536df6dbd2ef03586c71d24681c80e494
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic that fired indicates this is an Excel 5 Laroux macro-virus. Although VBA macros could not be extracted due to an unsupported format, the presence of the Laroux marker strongly suggests malicious macro functionality. The document body content is minimal and does not provide further clues.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster [critical] OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction [info] OFFICE_FORMAT_UNSUPPORTED
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.