Xls.Trojan.Laroux-29 Office (OLE) / .EXE malware analysis — malicious · a3524e418cf678b3

MALICIOUS

Office (OLE) / .EXE

37.0 KB Created: 1980-01-04 11:38:01 Authoring application: Microsoft Excel

MD5: 6c5d36505641030ef7e2b0c1e59d6ff1 SHA-1: fe65bca0d7070c6a4a07ca38ec1bd7e10f7cba81 SHA-256: a3524e418cf678b32da01fd4a8da4e1e100c6ed505de7c2d8f9a48cca14db2c6

180 Risk Score

Malware Insights

Xls.Trojan.Laroux-29 · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Xls.Trojan.Laroux-29. Static analysis revealed the presence of VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening the document. The macro source is 1864 bytes, indicating a significant amount of code is present. The file is an OLE Excel file, further supporting the macro-based attack vector.

Heuristics 4

ClamAV: Xls.Trojan.Laroux-29 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Laroux-29
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `65711b85b1b003bb3519d4fba32349030d21b5c168236ebfee27cbba59ae3af3`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1864 bytes
Detection ClamAV: Xls.Trojan.Laroux-29 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.