Win.Trojan.Laroux-52 — Office (OLE) malware analysis

Static analysis result for SHA-256 e031af3f6ca74077…

MALICIOUS

Office (OLE)

Size: 42.0 KB
Created: 1998-08-05 10:29:51
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: a13386ca619e008e9ea3be328ee2f92a
SHA-1: 52526c41f7519f11bd47fc1d389a253fed2578c4
SHA-256: e031af3f6ca74077f221efa44d9229d50ca944926c6b4e01374b911f08a13311
Risk Score: 120

Malware Insights

Win.Trojan.Laroux-52 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel 5 macro virus, specifically Win.Trojan.Laroux-52. The heuristics that fired indicate the presence of Laroux macro virus markers; Laroux is known for its ability to infect other workbooks and potentially spread. The document body contains garbled text, which is typical of obfuscated macro content.

Heuristics (2)

  • ClamAV: Win.Trojan.Laroux-52 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Laroux-52
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (critical, OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.