Laroux — Office (OLE) / .EXE malware analysis

Static analysis result for SHA-256 ddbac50a346ac31c…

MALICIOUS

Office (OLE) / .EXE

Size: 41.5 KB
Created: 1994-01-15 21:44:35
MD5: 73327b0c9a9f738e7807767f387f2071
SHA-1: eb49a6b8d536fc2e123a9e25c2379f2cec9c61c6
SHA-256: ddbac50a346ac31ca84ebce3c9424be779ed063ca47f33795f053208170ee154
Risk Score: 62

Malware Insights

Laroux · confidence 90%

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' fired, which strongly indicates the presence of the Laroux macro virus, a known threat targeting older Excel versions. Although VBA extraction failed due to an unsupported format, the presence of specific markers such as 'laroux', 'auto_open', and 'PERSONAL.XLS' is sufficient for attribution. The file's purpose is consistent with macro viruses designed for propagation or malicious execution within the spreadsheet application.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster [critical] OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction [info] OFFICE_FORMAT_UNSUPPORTED
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.