Laroux Office (OLE) / .EXE malware analysis — malicious · 93210f15c79dd01c

MALICIOUS

Office (OLE) / .EXE

21.0 KB Authoring application: Microsoft Excel

MD5: 574fabd8a200f097754fcec7c6383982 SHA-1: b31c17224395d46d53715a018ff8c517a0dcba4e SHA-256: 93210f15c79dd01c30871e8d4cee1539e58af537d5d667bde968d7bd09a78904

62 Risk Score

Malware Insights

Laroux · confidence 90%

MITRE ATT&CK

T1059.005 Visual Basic

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' strongly indicates the presence of the Laroux macro virus, a known threat targeting older Excel versions. The 'DOC BODY' content, while heavily corrupted, contains the string 'aroux' which further supports this identification. No VBA macros could be extracted due to an unsupported format, but the heuristic firing is sufficient for attribution. The file's purpose is to execute malicious macro code.

Heuristics 2

Excel 5 Laroux macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS

Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
Unsupported Office format for VBA extraction info OFFICE_FORMAT_UNSUPPORTED

olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.

Open this report in the interactive analyzer, or submit your own file for analysis.