Laroux Office (OLE) / .EXE malware analysis — malicious · ec8243f04eec7fc3

MALICIOUS

Office (OLE) / .EXE

26.0 KB Authoring application: Microsoft Excel

MD5: 000b3bb88c3559cf1db5bdd90edb1f33 SHA-1: 9e8ab34ae81b05384686a26e40566ac6d025c1f1 SHA-256: ec8243f04eec7fc3ecc74f5e9f73504d1b5433e28b9e17ed39ed624531beccc5

62 Risk Score

Malware Insights

Laroux · confidence 85%

MITRE ATT&CK

T1059.005 Visual Basic

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' indicates the presence of the Laroux macro virus, a known threat. The heuristic specifically mentions markers like 'laroux', 'auto_open', and 'PERSONAL.XLS', all associated with this family. Although VBA macros could not be extracted due to an unsupported format, the presence of these markers strongly suggests malicious intent. The DOC BODY content appears to be corrupted or malformed, further supporting the idea that the file's primary purpose is not legitimate document content delivery.

Heuristics 2

Excel 5 Laroux macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS

Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
Unsupported Office format for VBA extraction info OFFICE_FORMAT_UNSUPPORTED

olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.

Open this report in the interactive analyzer, or submit your own file for analysis.