Xls.Dropper.Valyria-10030821-0 Office (OOXML) / .XLSM malware analysis — malicious · 28bc4257b36bcf06

MALICIOUS

Office (OOXML) / .XLSM

2.06 MB Created: 2020-02-01 18:28:07 UTC Authoring application: Microsoft Excel 12.0000

MD5: 35ad73eb3c1e2d5f2cdbf5109e98dd06 SHA-1: 6e4a9097c35b51d1915ea910bebf965f6d668d6b SHA-256: 28bc4257b36bcf0688dbe3019b3e92fae0dc8b693f48d008a2fa8358602aaf61

102 Risk Score

Malware Insights

Xls.Dropper.Valyria-10030821-0 · confidence 95%

MITRE ATT&CK

T1059 Command and Scripting Interpreter T1059.005 Visual Basic

The file is an XLSM document containing VBA macros, as indicated by the OOXML_VBA heuristic. ClamAV detection confirms it as Xls.Dropper.Valyria-10030821-0, a known dropper. The presence of an embedded OLE object and the incomplete scan of a large part suggest the file likely contains and executes a secondary malicious payload.

Heuristics 4

ClamAV: Xls.Dropper.Valyria-10030821-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.Valyria-10030821-0
VBA project inside OOXML medium OOXML_VBA

Document contains vbaProject.bin — VBA macros present
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object
Large OOXML part skipped info SCAN_INCOMPLETE

One or more high-value OOXML parts exceeded the scanner's per-entry size cap and may not have been fully inspected.

Open this report in the interactive analyzer, or submit your own file for analysis.