Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 c063c44150965690…

Verdict: MALICIOUS
File type: Office (OLE)
Risk Score: 60

Size: 15.5 KB
Created: 1980-01-04 19:42:40
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: 6be6fa1200d29ec75f60e86c8621b98e
SHA-1: 6b700a4910f736a9fbc34bfeaea5b00b1cfc34de
SHA-256: c063c441509656908f1c681178d1d0451413a12ea5d04c8c05c5c47112cbd8f4

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic OLE_XLS5_LAROUX_MACRO_VIRUS fired, which indicates the presence of the Laroux macro virus, a known type of malicious Excel macro. The auto_open and OnSheetActivate markers further support the likelihood of macro execution. No document body or scripts were extracted, which limits further analysis of the specific payload.

Heuristics (1)

  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (severity: critical; rule: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.