Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 bc0292e4c6efcabd…

MALICIOUS

Office (OLE)

209.5 KB Created: 2000-01-06 10:39:53 Authoring application: Microsoft Excel First seen: 2012-06-14
MD5: 96687198d2bb207a408744e6394911fc SHA-1: afd3ed5d92a231af7a63aa3a2f91c1ce47a4a87e SHA-256: bc0292e4c6efcabd187ef307d16908b27bca38d0f451d12b8c024f0139225cd6
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is identified as a malicious Excel 5 macro virus, specifically the Laroux variant, indicated by critical heuristic firings. The presence of macro markers like 'auto_open' and 'OnSheetActivate' suggests that the embedded VBA code is designed to execute automatically, likely to download and run a secondary payload or perform other malicious actions. No specific IOCs were extracted beyond the macro indicators.

Heuristics 2

  • ClamAV: Legacy.Trojan.Agent-31709 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Legacy.Trojan.Agent-31709
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.