Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 c71f675d67960677…

MALICIOUS

Office (OLE) / .EXE

Size: 35.5 KB
Created: 1999-02-08 09:24:15
Authoring application: Microsoft Excel
MD5: deef0abcaa988ce16c537bf6a0b43bad
SHA-1: 537dcf040109b9fee7ac3a6ee3365cc2ae10089c
SHA-256: c71f675d67960677331e63cc01dfdc86862af595a6937dd2c330d0f17eba1350
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing for OLE_XLS5_LAROUX_MACRO_VIRUS strongly suggests the presence of the Laroux macro virus. While VBA extraction failed due to an unsupported format, the presence of specific markers within the OLE structure points to this known macro-based threat. The document body contains garbled text and repeated Sophos Goat File strings, which are likely artifacts of the macro's execution or obfuscation.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster [severity: critical] [rule: OLE_XLS5_LAROUX_MACRO_VIRUS]
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction [severity: info] [rule: OFFICE_FORMAT_UNSUPPORTED]
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.