Xls.Dropper.Valyria-10030821-0 — Office (OOXML) / .XLSM malware analysis

Static analysis result for SHA-256 a9ba5e7ae9dca585…

MALICIOUS

Office (OOXML) / .XLSM

Size: 2.67 MB
Created: 2020-02-01 18:28:07 UTC
Authoring application: Microsoft Excel 12.0000
MD5: eaadbf33d6d8e1df8106018fdc39d3f9
SHA-1: 8e95e02a998509003fea9c205e752e4ec2802808
SHA-256: a9ba5e7ae9dca585a8b3e993dba5055bffce24a5e201e5b9cdd6e88c2c33bb60
Risk Score: 102

Malware Insights

Xls.Dropper.Valyria-10030821-0 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic

The file is an XLSM document, confirmed by ClamAV as Xls.Dropper.Valyria-10030821-0. It contains VBA macros, indicating it's likely a dropper. The presence of an embedded OLE object and a large skipped part suggests it may be attempting to conceal or deliver a malicious payload.

Heuristics (4)

  • ClamAV: Xls.Dropper.Valyria-10030821-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.Valyria-10030821-0
  • VBA project inside OOXML [medium, OOXML_VBA]
    Document contains vbaProject.bin — VBA macros present
  • Embedded OLE object [medium, OOXML_OLE_OBJECT]
    Document contains an embedded OLE object
  • Large OOXML part skipped [info, SCAN_INCOMPLETE]
    One or more high-value OOXML parts exceeded the scanner's per-entry size cap and may not have been fully inspected.