Office (OOXML) / .XLSX malware analysis — malicious · 97059ae3ef60ef89

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: aad7f00dfaf36da5d822d44634cbd0cb SHA-1: 1f2cb00f1c7ecfaecf3f83305b6d25fcf87d6819 SHA-256: 97059ae3ef60ef89a1bef59ff2af7b67f87c19706ec102078f8747a0392bc183

60 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as a Qbot dropper, indicating its purpose is to download and execute a secondary malicious payload. While no specific document body or scripts were extracted, the heuristic detection strongly suggests a malicious dropper functionality. The file's metadata indicates it is an older Excel document, potentially leveraging older vulnerabilities.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.