Laroux — Office (OLE) / .EXE malware analysis

Static analysis result for SHA-256 c8e3e965b875316a…

MALICIOUS

Office (OLE) / .EXE

Size: 33.5 KB
Created: 1999-02-08 09:24:15
Authoring application: Microsoft Excel
MD5: a53cb222a3efa5ee8dbeb5f949cb78e9
SHA-1: 721cdf6f42df26676090f8b43eb46ff5ffcebf2c
SHA-256: c8e3e965b875316a0cbfe59882dd7ce0aeb07079c03f2d634880f4ce12ac788e
Risk Score: 62

Malware Insights

Laroux · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The critical-severity heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' fired, which strongly indicates the presence of the Laroux macro virus in this Excel 5 file. Markers such as 'laroux', 'auto_open', and 'OnSheetActivate' further support this identification. Although VBA extraction failed, the heuristic is sufficient for attribution. The file's purpose is consistent with known Laroux variants, which typically involve spreading or executing malicious code.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster (severity: critical, ID: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction (severity: info, ID: OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.