Xls.Trojan.Laroux-1 Office (OLE) / .EXE malware analysis — malicious · a4b4b44eae248a08

MALICIOUS

Office (OLE) / .EXE

81.5 KB Created: 1998-08-17 18:33:51 Authoring application: Microsoft Excel

MD5: bb65923aaaff3efe3f5fb64d75d5d991 SHA-1: 9ebedcb5ed89f98a2ac4e0cf3378ad02ab4d56a7 SHA-256: a4b4b44eae248a08eb768bd70100f384835797c1beebe31c4ab78613c638d1aa

180 Risk Score

Malware Insights

Xls.Trojan.Laroux-1 · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic T1566.002 Spearphishing Attachment

The file is detected as Xls.Trojan.Laroux-1 by ClamAV, indicating a known trojan. The presence of an Auto_Open VBA macro suggests that the malware executes automatically upon opening the Excel file. The document body contains financial projection terms, likely a lure to entice the user to open the malicious macro-enabled spreadsheet.

Heuristics 4

ClamAV: Xls.Trojan.Laroux-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Laroux-1
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `83d5d6fdc5e809be8f35dd69b2a58d1f27ff8b43174defd964d08f524eeade9d`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1898 bytes
Detection ClamAV: Xls.Trojan.Laroux-1 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.