Office (OLE) / .EXE malware analysis — malicious · ac743deb79cba6bd

MALICIOUS

Office (OLE) / .EXE

76.5 KB Created: 1999-02-08 09:24:15 Authoring application: Microsoft Excel

MD5: 06028aa0d2c077969a6234fde2855bb8 SHA-1: 1afbc94803bfc160616c08b23a21ae73dd3c73dc SHA-256: ac743deb79cba6bd7199ed44b893859c8a5dcfc2b0fd227d481ee3346aaef0bf

62 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The critical heuristic firing for 'OLE_XLS5_LAROUX_MACRO_VIRUS' strongly suggests the presence of the Laroux macro virus. Although VBA macros could not be extracted due to an unsupported format, the presence of the virus marker cluster indicates a malicious intent, likely for initial compromise. The document body contains garbled text and Sophos Goat File markers, which are not directly indicative of the attack pattern but support the overall malicious nature.

Heuristics 2

Excel 5 Laroux macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS

Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
Unsupported Office format for VBA extraction info OFFICE_FORMAT_UNSUPPORTED

olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.

Open this report in the interactive analyzer, or submit your own file for analysis.