Laroux — Office (OLE) / .EXE malware analysis

Static analysis result for SHA-256 d972fcb58157e122…

MALICIOUS

Office (OLE) / .EXE

Size: 136.0 KB
Authoring application: Microsoft Excel
MD5: dc9410709b2af5495439c3fcffc5cdd0
SHA-1: 1ec4a404d6b5f5a1c0cbe16665171696f2e09646
SHA-256: d972fcb58157e12254f271bccf5dffe62caffc8c355faa8272940e7ce6f1ee9a
Risk Score: 62

Malware Insights

Laroux · confidence 85%

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic firing for OLE_XLS5_LAROUX_MACRO_VIRUS indicates this is a variant of the Laroux macro virus, a known threat. The file is an Excel 5 OLE file, and the presence of markers like 'auto_open' and 'OnSheetActivate' further supports this. Although VBA extraction failed, the presence of the Laroux marker strongly suggests malicious macro activity.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster [critical] OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction [info] OFFICE_FORMAT_UNSUPPORTED
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.