Xls.Trojan.Laroux-1 — Office (OLE) / .EXE malware analysis

Static analysis result for SHA-256 e285c33c6f0f6bd1…

MALICIOUS

Office (OLE) / .EXE

Size: 19.0 KB
Created: 1997-10-09 16:14:18
Authoring application: Microsoft Excel
MD5: eba317e3d1ac0400044619f6130ce8a6
SHA-1: 46e8d60be1f5b962c993759a041a77ca32e10b44
SHA-256: e285c33c6f0f6bd1c6751146217d60d9a21ba5d366f0a1714e0afbc5e72a3b0b
Risk Score: 180

Malware Insights

Xls.Trojan.Laroux-1 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as malicious by ClamAV with the signature Xls.Trojan.Laroux-1. Static analysis detected VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening the document. The presence of the Auto_Open macro strongly suggests the intent to immediately run the embedded malicious script.

Heuristics (4)

  • ClamAV: Xls.Trojan.Laroux-1 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Trojan.Laroux-1
  • ClamAV detection on extracted artifact (severity: critical, rule: EXTRACTED_FILE_CLAMAV)
    ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
  • Auto_Open macro (severity: high, rule: OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (severity: medium, rule: OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas (2c6a42cb4f0b59a04d9fc0e5ff719fdf6d2e357757549708cedc1bf8a7bf18b3)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1908 bytes
Detection: ClamAV: Xls.Trojan.Laroux-1
Obfuscation or payload: unlikely