Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 7d24d0eb0e889a3e…

MALICIOUS

Office (OOXML)

Size: 246.3 KB
Created: 2011-05-17 14:38:26 UTC
Authoring application: Microsoft Excel 16.0300
First seen: 2021-05-22
MD5: 5120e4e20e3ad6d2542d58d45ae9cd1d
SHA-1: 69fe69779eccc4b37ba333198cc3a79658f08771
SHA-256: 7d24d0eb0e889a3e65eaed7dc2d8a8f89b85de07742c7c23b7750d563310d037
Risk score: 110

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Xls.Downloader.Agent08210-9888570-0. Static analysis revealed an OOXML clickable-image form lure pointing to an external hyperlink, which suggests the document is designed to trick users into clicking the link, likely for phishing or to download a secondary payload. No VBA macros were extracted, but the presence of an external link and the nature of the lure strongly indicate malicious intent.

Heuristics (4)

  • ClamAV: Xls.Downloader.Agent08210-9888570-0 (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Downloader.Agent08210-9888570-0
  • OOXML clickable image phishing/form lure (severity: high; rule: OOXML_CLICKABLE_IMAGE_FORM_LURE)
    Workbook uses a large embedded image as the visible document body and attaches a click-through external hyperlink to that image. The target is a form/collection service, or the drawing contains download/view lure text, which is a common credential- or document-phishing pattern rather than benign workbook data.
  • External hyperlinks (1) (severity: low; rule: OOXML_EXTERNAL_HYPERLINKS)
    Document contains 1 external hyperlink; clickable URLs are stored as external relationships. First target: http://v7ury17lau0.typeform.com/to/VhlRhyzC
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://v7ury17lau0.typeform.com/to/VhlRhyzC (channel: Document hyperlink)