Office (OLE) / .EXE malware analysis — malicious · db9d2ae131056a76

MALICIOUS

Office (OLE) / .EXE

17.0 KB Created: 1998-05-23 01:39:16 Authoring application: Microsoft Excel

MD5: 1940a8931328b26ae304cdae41f22447 SHA-1: 36f343a81fffea6ec796cef6ca00b92ce6dbf446 SHA-256: db9d2ae131056a7667f7cabead6fb8320bb79bf6b9e1c6aee326fef62ec3324f

62 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' indicates this is a variant of the Laroux macro virus, which is known to spread via macros within Excel files. No VBA macros could be extracted due to an unsupported format, but the presence of the Laroux marker cluster is sufficient evidence of its nature. The DOC BODY content is garbled and does not provide further clues.

Heuristics 2

Excel 5 Laroux macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS

Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
Unsupported Office format for VBA extraction info OFFICE_FORMAT_UNSUPPORTED

olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.

Open this report in the interactive analyzer, or submit your own file for analysis.