Xls.Trojan.Laroux-28 Office (OLE) / .XLS malware analysis — malicious · a2df1ec6080c468b

MALICIOUS

Office (OLE) / .XLS

364.5 KB Created: 1999-02-23 07:37:30

MD5: f7df7714fe5397c2c70b74da6c5c87c2 SHA-1: 490aeae6d2a20e45cdb591d289ae87fce0c2a2fe SHA-256: a2df1ec6080c468b8d318d2d88651eb280b3dd472b4ae904705bf7c3b5811c12

180 Risk Score

Malware Insights

Xls.Trojan.Laroux-28 · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic T1566.002 Spearphishing Attachment

The critical ClamAV heuristic firings indicate this XLS file is recognized as Xls.Trojan.Laroux-28. The presence of a high-severity Auto_Open macro suggests immediate execution upon opening. While no specific URLs or further script details were extracted, the macro's presence strongly implies a malicious intent, likely to download and execute a second-stage payload.

Heuristics 4

ClamAV: Xls.Trojan.Laroux-28 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Laroux-28
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `71149df7d135795b239029a927afd506bbdc599c394cb1616c19b473c9789048`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	7082 bytes
Detection ClamAV: Xls.Trojan.Laroux-28 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.