Laroux — Office (OLE) / .EXE malware analysis

Static analysis result for SHA-256 d268f5a296204759…

MALICIOUS

Office (OLE) / .EXE

Size: 24.0 KB
Created: 1999-09-08 05:49:21
Authoring application: Microsoft Excel
MD5: d69d32ed934806ccad10a132b8984f2c
SHA-1: 243a6c810df89d0887d1e152c99ff4e01f558529
SHA-256: d268f5a296204759ccf2621bca441f17ff173250c9b52d98427a406ce5fe00c7
Risk Score: 62

Malware Insights

Laroux · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel 5 macro-virus, specifically a Laroux variant, based on the heuristics that fired. The presence of the 'laroux', 'auto_open', and 'PERSONAL.XLS' markers strongly indicates this family. Although VBA macros could not be extracted due to an unsupported format, the file's metadata and the specific heuristic that fired are sufficient to classify it as malicious. The 'XM/Laroux.KH' string likely represents an internal identifier or signature for this specific variant.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster [critical, OLE_XLS5_LAROUX_MACRO_VIRUS]
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction [info, OFFICE_FORMAT_UNSUPPORTED]
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.