Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 a87a671846c577f9…

MALICIOUS

Office (OLE) / .EXE

Size: 10.0 KB
Created: 1998-01-14 02:39:50
Authoring application: Microsoft Excel
MD5: 9d1be2e19d2f25897f8e1b64f0f78feb
SHA-1: a9adf3c713a618d44078623eb032d890ba1bff27
SHA-256: a87a671846c577f954fd2570b869dea0896104ea3c7f1f62b57e1859a7ee14e6
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' strongly suggests the presence of the Laroux macro virus, a well-known threat targeting older Excel versions. The presence of markers like 'laroux', 'auto_open', and 'OnSheetActivate' further supports this identification. Although VBA macros could not be extracted due to an unsupported format, the heuristic firings are sufficient to indicate malicious intent associated with this legacy macro virus.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster (severity: critical, rule: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction (severity: info, rule: OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.