Office (OLE) / .EXE malware analysis — malicious · dc9d81a9e222747e

MALICIOUS

Office (OLE) / .EXE

30.0 KB Created: 1997-10-17 13:32:23 Authoring application: Microsoft Excel

MD5: e3f2f8842755ea6460813d47a4f832c6 SHA-1: 2e04c5aeadb8fd55f9527d0315447153db9490b7 SHA-256: dc9d81a9e222747e6fae0b8c2fb01d90dc78b0f1b184a619c54524c16b9e6509

180 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.005 Visual Basic

The file is identified as malicious by ClamAV with the signature Xls.Trojan.Laroux-1. Static analysis detected VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code when the document is opened. The presence of the Auto_Open macro strongly suggests an attempt to automatically run malicious code upon opening the file.

Heuristics 4

ClamAV: Xls.Trojan.Laroux-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Trojan.Laroux-1
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `195dd48500a0be98307d955578a55d44c00aea247be7b7cdc336babad41d6624`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1869 bytes
Detection ClamAV: Xls.Trojan.Laroux-1 Obfuscation or payload: unlikely

Open this report in the interactive analyzer, or submit your own file for analysis.