Laroux — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 baf8cb5317f20ab4…

MALICIOUS

Office (OLE) / .XLS

Size: 403.5 KB
Created: 1997-09-15 15:41:45
Authoring application: Microsoft Excel
MD5: 4229e0abad22545d1bb42841b9d4056e
SHA-1: a0ecba5ffc323c274b33a6a313adebebf76191e0
SHA-256: baf8cb5317f20ab4014acad540c8c836d30c9059d084dbfb876e949b03aac167
Risk Score: 62

Malware Insights

Laroux · confidence 85%

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The critical heuristic firing for OLE_XLS5_LAROUX_MACRO_VIRUS strongly indicates this XLS file contains the Laroux macro virus. The presence of markers like 'laroux', 'auto_open', and 'OnSheetActivate' confirms this. Although VBA extraction failed due to an unsupported format, the heuristic is sufficient for attribution. The document body appears to be a price list, likely a lure to entice users to open the malicious spreadsheet.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster [critical] OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction [info] OFFICE_FORMAT_UNSUPPORTED
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.