Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 f23492dd16ff7c7b…

MALICIOUS

Office (OLE)

17.0 KB Created: 1999-09-08 05:49:21 Authoring application: Microsoft Excel First seen: 2012-06-14
MD5: f8518dd309a3ceaaea4b597906a79056 SHA-1: 89172db0e0b0c69d0950b0f9d3a8198db477c7ba SHA-256: f23492dd16ff7c7ba085f4d5e676119b35e04f8744eba4708a1b40856ef85738
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is identified as a malicious Excel 5 macro virus, specifically the Laroux variant, indicated by critical heuristic firings. The presence of macro markers like 'auto_open' and 'check_files' suggests it is designed to execute malicious code automatically. The ClamAV detection name 'Legacy.Trojan.Agent-492' further confirms its malicious nature.

Heuristics 2

  • ClamAV: Legacy.Trojan.Agent-492 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Legacy.Trojan.Agent-492
  • Excel 5 Laroux/Larou-CV macro-virus marker cluster critical OLE_XLS5_LAROUX_MACRO_VIRUS
    Legacy Excel workbook contains a Laroux/Larou-CV macro-virus marker cluster including auto_open execution and workbook/module replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.