Laroux — Office (OLE) / .EXE malware analysis

Static analysis result for SHA-256 c4644132e02db1b5…

MALICIOUS

Office (OLE) / .EXE

Size: 192.5 KB
Created: 2000-01-06 10:41:57
Authoring application: Microsoft Excel
MD5: f3c613068e42bd3b66e5324e337ab9d7
SHA-1: 0dfddc21069fa89e09fc71bcdba5bf877b80af62
SHA-256: c4644132e02db1b57308fdb5a33bd6f8b2588da35d2072bccf367452c8f5b292
Risk Score: 62

Malware Insights

Laroux · confidence 85%

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The critical-severity heuristic OLE_XLS5_LAROUX_MACRO_VIRUS fired, which indicates that this file is a variant of the Laroux macro virus, a known threat that spreads via infected Excel documents. The presence of markers such as 'auto_open' and 'OnSheetActivate' further supports this. No VBA macros could be extracted because the format is unsupported, which limits further analysis of the specific payload or delivery mechanism.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster (severity: critical, ID: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction (severity: info, ID: OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML; re-scanning the same bytes will yield the same outcome.