Xls.Downloader.Agent08210-9888570-0 Office (OOXML) malware analysis — malicious · 9a69bee0e5b40209

MALICIOUS

Office (OOXML)

246.4 KB Created: 2011-05-17 14:38:26 UTC Authoring application: Microsoft Excel 16.0300

MD5: 4cfa3739fd2c6e932a8d901c983abcc4 SHA-1: 7e36135d976f116ef7da23b0b8f08fa2d56e47bc SHA-256: 9a69bee0e5b40209601083d800acc16ff3c1d0eebea2128ea91d60d2ec4cf2c4

70 Risk Score

Malware Insights

Xls.Downloader.Agent08210-9888570-0 · confidence 85%

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is detected as Xls.Downloader.Agent08210-9888570-0 by ClamAV, indicating it functions as a downloader. It contains an external hyperlink that likely serves as a lure or a redirect to a malicious payload. The document body is uninformative, but the presence of the downloader heuristic and the external URL strongly suggests a phishing or malware distribution attempt.

Heuristics 3

ClamAV: Xls.Downloader.Agent08210-9888570-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Downloader.Agent08210-9888570-0
External hyperlinks (1) low OOXML_EXTERNAL_HYPERLINKS

Document contains 1 external hyperlink — clickable URLs are stored as external relationships. First target: https://www.formtools.com/f/httpswwwofficecomauth1-1553
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://www.formtools.com/f/httpswwwofficecomauth1-1553

Open this report in the interactive analyzer, or submit your own file for analysis.