Win.Trojan.Laroux-52 — Office (OLE) malware analysis

Static analysis result for SHA-256 cd2c2221210e7b6c…

MALICIOUS

Office (OLE)

Size: 40.5 KB
Created: 1997-07-01 00:22:35
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: 201ef9b26b4030d8c21ccd3d887c8151
SHA-1: b2e830f46a1e3b938caab5065fb58dfac8329450
SHA-256: cd2c2221210e7b6c82faba7c514663e184bfb5598ebfa509ab7333e5863ab65f
Risk Score: 120

Malware Insights

Win.Trojan.Laroux-52 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel 5 macro virus, specifically Win.Trojan.Laroux-52. The heuristics that fired indicate the presence of Laroux macro-virus markers; Laroux is known for its ability to infect other workbooks and potentially spread. The document body contains garbled text, typical of obfuscated macro content.

Heuristics 2

  • ClamAV: Win.Trojan.Laroux-62 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Laroux-62
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster · critical · OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.