Laroux — Office (OLE) / .EXE malware analysis

Static analysis result for SHA-256 eed5a88d869a8c2e…

MALICIOUS

Office (OLE) / .EXE

Size: 36.0 KB
Created: 2000-04-16 09:39:12
Authoring application: Microsoft Excel
MD5: 6e9daae7500ecac9918b6bc74a43ad31
SHA-1: f8248ad4950f29e1070fc2ae24608e52c0e9c414
SHA-256: eed5a88d869a8c2e7c2636f4dac20d8bf9c2e775670c12fd8726a97ecd471456
Risk Score: 62

Malware Insights

Laroux · confidence 90%

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' directly indicates the presence of the Laroux macro virus, a known type of malware that spreads via Microsoft Excel macros. The heuristic also identified markers like 'auto_open', 'check_files', and 'OnSheetActivate', which are typical of this family's infection and execution mechanisms. Although VBA extraction failed, the presence of these markers is sufficient for attribution.

Heuristics (2)

  • Excel 5 Laroux macro-virus marker cluster (severity: critical, ID: OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • Unsupported Office format for VBA extraction (severity: info, ID: OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.