Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 ea1f6828cd597cb6…

MALICIOUS

Office (OLE)

Size: 234.0 KB
Created: 1999-02-08 09:24:15
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: 19bed46f84efce98f10e003815474387
SHA-1: 27fceec7799ae906c2c23506bd8f333fc505bca2
SHA-256: ea1f6828cd597cb6b644d514143e37e91754cfe3d17b586799a320a54cec103a
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel 5 macro virus, specifically the Laroux variant, based on critical heuristic firings. These firings indicate the presence of known markers associated with this legacy malware family. The macro is likely designed to execute automatically upon opening the document, potentially leading to further compromise.

Heuristics 2

  • ClamAV: Legacy.Trojan.Agent-493 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Legacy.Trojan.Agent-493
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (critical, OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.