Xls.Dropper.Valyria-10030821-0 Office (OOXML) / .XLSM malware analysis — malicious · bd4f44ebdc75f535

MALICIOUS

Office (OOXML) / .XLSM

2.67 MB Created: 2020-02-01 18:28:07 UTC Authoring application: Microsoft Excel 12.0000

MD5: 6579b0ded0abd88289655bb976b67cd0 SHA-1: ce1e163ec128eb9b882d1101d45b97004d526eee SHA-256: bd4f44ebdc75f53514f780516dfcb2c0a70f0fcec4d964a75fde9373bd51907e

102 Risk Score

Malware Insights

Xls.Dropper.Valyria-10030821-0 · confidence 95%

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1059.005 Visual Basic

The file is identified as malicious by ClamAV with the signature Xls.Dropper.Valyria-10030821-0. Static analysis indicates the presence of VBA macros within the OOXML structure, suggesting it functions as a dropper. The embedded OLE object further supports the likelihood of malicious code execution.

Heuristics 4

ClamAV: Xls.Dropper.Valyria-10030821-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.Valyria-10030821-0
VBA project inside OOXML medium OOXML_VBA

Document contains vbaProject.bin — VBA macros present
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object
Large OOXML part skipped info SCAN_INCOMPLETE

One or more high-value OOXML parts exceeded the scanner's per-entry size cap and may not have been fully inspected.

Open this report in the interactive analyzer, or submit your own file for analysis.