Laroux Office (OLE) / .EXE malware analysis — malicious · c01a1eccc5f0a611

MALICIOUS

Office (OLE) / .EXE

115.5 KB Created: 1998-03-18 16:41:12 Authoring application: Microsoft Excel

MD5: aff5bf83aae89064995829cc5035c116 SHA-1: 917141deb491b3bae48585e8a734ae829de9b065 SHA-256: c01a1eccc5f0a6112325be78a33d6717fc6c41f51861152cff2b2aa4ad4150f5

62 Risk Score

Malware Insights

Laroux · confidence 85%

MITRE ATT&CK

T1059.005 Visual Basic

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' directly identifies this file as a variant of the Laroux macro virus, known for its self-replication capabilities within Excel 5 documents. Although VBA macros could not be extracted due to an unsupported format, the presence of the Laroux marker cluster strongly indicates malicious intent. The document body content is unreadable, providing no further clues.

Heuristics 2

Excel 5 Laroux macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS

Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
Unsupported Office format for VBA extraction info OFFICE_FORMAT_UNSUPPORTED

olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.

Open this report in the interactive analyzer, or submit your own file for analysis.