Win.Trojan.Laroux-65 — Office (OLE) malware analysis

Static analysis result for SHA-256 9fb6ee313026a935…

MALICIOUS

Office (OLE)

Size: 34.5 KB
Created: 1980-01-05 19:07:25
First seen: 2012-06-14
MD5: e4be5238709ce6b9eedab9646cf572cd
SHA-1: 0ee4b9c7e54aabb6f728d53264ac6e340e1ce791
SHA-256: 9fb6ee313026a935e7f8a1b7338716b75cac934b2503ba5aea769e35e2a92035
Risk Score: 120

Malware Insights

Win.Trojan.Laroux-65 · confidence 95%

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is identified as a macro virus, specifically Win.Trojan.Laroux-65, based on heuristic matches and ClamAV detection. The presence of macro-virus markers such as 'laroux' and 'auto_open' strongly indicates malicious VBA code designed to execute automatically. This type of malware is typically delivered via spearphishing attachments.

Heuristics (2)

  • ClamAV: Win.Trojan.Laroux-65 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Laroux-65
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster [critical] (OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.