Laroux — Office (OLE) / .EXE malware analysis

Static analysis result for SHA-256 b501b0d9b7085def…

MALICIOUS

Office (OLE) / .EXE

Size: 74.0 KB
Created: 1998-04-06 15:48:46
Authoring application: Microsoft Excel
MD5: b3cae7d11a3ccad8480522e8f9c513f7
SHA-1: 18f0ac0ef351c5b367d3f9c0843d695a2a075f7c
SHA-256: b501b0d9b7085def8d26aee55dc1bfcf2c6c5cf4d6fd9216c30a74e8bb8a74db
Risk Score: 62

Malware Insights

Laroux · confidence 85%

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing for OLE_XLS5_LAROUX_MACRO_VIRUS strongly suggests the presence of the Laroux macro virus. Although VBA macros could not be extracted due to an unsupported format, the presence of specific markers like 'laroux' and 'auto_open' within the file's structure is sufficient for attribution. The document body contains corrupted text, likely a result of the macro's activity or the file's legacy format.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster (severity: critical; ID: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction (severity: info; ID: OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.