Xls.Trojan.Laroux-1 Office (OLE) / .EXE malware analysis — malicious · cd27027071fadbf7

MALICIOUS

Office (OLE) / .EXE

21.5 KB Created: 1980-01-04 14:00:49 Authoring application: Microsoft Excel

MD5: b12f14f0759c06ee1a2a304b5538de26 SHA-1: 192ad77602975f4ef2773b3e401b1a550d263c4f SHA-256: cd27027071fadbf7b26739369219e01b8d3e8a5c6ec39bc3fe9b2c8510a187e7

180 Risk Score

Malware Insights

Xls.Trojan.Laroux-1 · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Xls.Trojan.Laroux-1. Static analysis revealed the presence of VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening an Excel document. The document body contains 'laroux, Foglio1', which is consistent with the detected family.

Heuristics 4

ClamAV: Xls.Trojan.Laroux-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Laroux-1
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `7f6a325bd620b9a1467188fe7e1573359de7cf40cc919dd5bc122da7aea20aa8`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1912 bytes
Detection ClamAV: Xls.Trojan.Laroux-1 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.