Laroux Office (OLE) / .EXE malware analysis — malicious · c5400b4aa1839cb3

MALICIOUS

Office (OLE) / .EXE

21.5 KB Created: 1999-09-08 05:49:21 Authoring application: Microsoft Excel

MD5: 2de4ad1a0b768327dc38bc42772d5622 SHA-1: 9c7ffa66feaf31bc31ff0d44097826291856053e SHA-256: c5400b4aa1839cb3697cbd22556a841d9cb490187b62af629ddb189954fcb1be

62 Risk Score

Malware Insights

Laroux · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' strongly indicates the presence of the Laroux macro virus, identified by markers like 'laroux', 'auto_open', and 'PERSONAL.XLS'. Although VBA macros could not be extracted due to an unsupported format, the heuristic firing is sufficient for attribution. The file's purpose is likely to execute malicious macros upon opening.

Heuristics 2

Excel 5 Laroux macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS

Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
Unsupported Office format for VBA extraction info OFFICE_FORMAT_UNSUPPORTED

olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.

Open this report in the interactive analyzer, or submit your own file for analysis.