Win.Trojan.Laroux-53 — Office (OLE) malware analysis

Static analysis result for SHA-256 db7dd7a57f170496…

MALICIOUS

Office (OLE)

Size: 134.0 KB
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: edc5e6829cb669396aed7e81158705cc
SHA-1: ea60696109cb11324f7c959b15bc74c669c75c46
SHA-256: db7dd7a57f17049624c10c7d2b26e6f7eb533d527213f6b0ad1c9f8f5092177e
Risk Score: 120

Malware Insights

Win.Trojan.Laroux-53 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel 5 macro-virus, specifically Win.Trojan.Laroux-53. The presence of 'laroux' markers and VBA macro indicators strongly suggests the execution of malicious Visual Basic code. The document body's garbled text and financial terms are likely a lure or obfuscation for the macro's true purpose.

Heuristics (2)

  • ClamAV: Win.Trojan.Laroux-53 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Laroux-53
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (critical, OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.