Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 ecbbf54013fa1bf2…

MALICIOUS

Office (OLE)

Size: 23.0 KB
Authoring application: Microsoft Excel
First seen: 2012-06-14
MD5: 3db5b7988e535eb4ac2ae8bbeb92b224
SHA-1: f5f956ea7f1f6d93cdb8f5c2dd015a1b7e860608
SHA-256: ecbbf54013fa1bf2c821aac21906b6039b20912be963a64fdc8e062ab4db486d
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel 5 macro virus, specifically the Laroux family, by multiple heuristics. The presence of macro-related markers like 'auto_open' and 'OnSheetActivate' strongly suggests the execution of embedded VBA code. While no specific IOCs like URLs or hashes were extracted, the macro's nature implies it attempts to perform malicious actions upon opening.

Heuristics 2

  • ClamAV: Legacy.Trojan.Agent-473 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Legacy.Trojan.Agent-473
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster (critical, OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.