Xls.Trojan.Laroux-32 Office (OLE) / .EXE malware analysis — malicious · a2642e2744caefb7

MALICIOUS

Office (OLE) / .EXE

45.0 KB Created: 1999-02-08 09:24:15 Authoring application: Microsoft Excel

MD5: 025a8f46a44b5e136776dfc875032e07 SHA-1: f95cf7ca52e9d143c1950fe4310441c4c1d7266a SHA-256: a2642e2744caefb7d75c54cbaa2a11d44a16ba6f1f3a062f37acbf1c45a14ea2

180 Risk Score

Malware Insights

Xls.Trojan.Laroux-32 · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Xls.Trojan.Laroux-32. Static analysis detected VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code automatically when the document is opened. The presence of an Auto_Open macro strongly suggests the intent is to run arbitrary code, likely to download and execute a secondary payload.

Heuristics 4

ClamAV: Xls.Trojan.Laroux-32 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Laroux-32
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `881f5e2777517a4c412cb9490748b52c6cd89df531a889359e003e27e522f9da`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1869 bytes
Detection ClamAV: Xls.Trojan.Laroux-32 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.