Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 96b11b000c1f67d6…

MALICIOUS

Office (OLE)

Size: 19.5 KB
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: 0a877071c73851fd08cfe5ed230177d9
SHA-1: 062f0e640c79d3b3150c1d2af84804a0f543dd9e
SHA-256: 96b11b000c1f67d61ac6bce314e56f1e9a84383c1254f0bc6468dbd1caa4e4fc
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel 5 macro virus, specifically the Laroux variant, indicated by critical heuristic firings. The presence of macro virus markers like 'auto_open' and 'PERSONAL.XLS' strongly suggests the execution of embedded Visual Basic for Applications (VBA) code. This code is likely designed to perform malicious actions, such as downloading further payloads or establishing persistence, although specific IOCs were not extracted.

Heuristics (2)

  • ClamAV: Legacy.Trojan.Agent-471 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Legacy.Trojan.Agent-471
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster | critical | OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.