Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 d4754294f11fc568…

MALICIOUS

Office (OLE)

72.0 KB Authoring application: Microsoft Excel First seen: 2012-06-14
MD5: 990b605fbc698afb1e696a7498a2da86 SHA-1: d44a46781c3b4c2862575b773cf03cce07f0d68b SHA-256: d4754294f11fc5685982d726d2907b753cef8813be1a9c5edaada47caabd1033
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel 5 OLE document containing VBA macros. Heuristics indicate the presence of a legacy macro virus, specifically the Laroux family, which is known for its obfuscation techniques. The document body contains garbled text and financial terms, likely part of the obfuscation or a lure. No specific IOCs were extracted, but the presence of the macro virus suggests it attempts to execute malicious code.

Heuristics 2

  • ClamAV: Legacy.Trojan.Agent-482 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Legacy.Trojan.Agent-482
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.

Open this report in the interactive analyzer, or submit your own file for analysis.