Xls.Dropper.Valyria-10030821-0 Office (OOXML) / .XLSM malware analysis — malicious · 80d7ab50aed6ab9e

MALICIOUS

Office (OOXML) / .XLSM

2.09 MB Created: 2020-02-01 18:28:07 UTC Authoring application: Microsoft Excel 12.0000

MD5: 38fccc3e528ad0d37d4ad842a177c2a2 SHA-1: 9103e92eda7922b8f827392b9b9d1917f959e2a4 SHA-256: 80d7ab50aed6ab9e27bf65103b139cb0f54f8438ef4f831bf3c29f330f1f5eeb

102 Risk Score

Malware Insights

Xls.Dropper.Valyria-10030821-0 · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1059.005 Command and Scripting Interpreter: Visual Basic

The file is a macro-enabled Excel spreadsheet (XLSM) identified by ClamAV as Xls.Dropper.Valyria-10030821-0. The presence of VBA macros and an embedded OLE object strongly suggests it's designed to execute malicious code. The primary function is likely to download and execute a second-stage payload, as indicated by the 'Dropper' classification.

Heuristics 4

ClamAV: Xls.Dropper.Valyria-10030821-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.Valyria-10030821-0
VBA project inside OOXML medium OOXML_VBA

Document contains vbaProject.bin — VBA macros present
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object
Large OOXML part skipped info SCAN_INCOMPLETE

One or more high-value OOXML parts exceeded the scanner's per-entry size cap and may not have been fully inspected.

Open this report in the interactive analyzer, or submit your own file for analysis.