Laroux — Office (OLE) / .EXE malware analysis

Static analysis result for SHA-256 a1dd32eb57a99fcd…

MALICIOUS

Office (OLE) / .EXE

File size: 35.5 KB
Created: 1999-02-08 09:24:15
Authoring application: Microsoft Excel
MD5: 556d9791174c4feef120a053c8b9f878
SHA-1: 05443511387d301655f46c6f86312ab8d35aeebc
SHA-256: a1dd32eb57a99fcdc77b131cef3e0ce2148dc0fcb070e197307a91293daf8628
Risk Score: 62

Malware Insights

Laroux · confidence 95%

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' strongly indicates this is a variant of the Laroux macro virus, a known threat targeting older Excel versions. The presence of markers like 'laroux', 'auto_open', and 'PERSONAL.XLS' further supports this classification. No document body text or scripts were extractable, but the heuristic firing is sufficient for attribution.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster (severity: critical; ID: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction (severity: info; ID: OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.