Xls.Dropper.Valyria-10030821-0 Office (OOXML) / .XLSM malware analysis — malicious · d26b198296cbc6ac

MALICIOUS

Office (OOXML) / .XLSM

2.03 MB Created: 2020-02-01 18:28:07 UTC Authoring application: Microsoft Excel 12.0000 First seen: 2021-09-17

MD5: e1addfa1742d8768c9d1c7138f003ce1 SHA-1: e31c92352ce16e2bee754f93c928356599605446 SHA-256: d26b198296cbc6ac04405543f42929bf48fba0605684fcb467a07b02227ff9bf

102 Risk Score

Malware Insights

Xls.Dropper.Valyria-10030821-0 · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1059.005 Command and Scripting Interpreter: Visual Basic T1105 Ingress Tool Transfer

The file is a macro-enabled Excel spreadsheet (XLSM) containing VBA macros, as indicated by the OOXML_VBA heuristic. ClamAV detection identifies it as 'Xls.Dropper.Valyria-10030821-0', suggesting its primary function is to act as a dropper. The presence of an embedded OLE object further supports its malicious nature. The overall pattern points to a spearphishing attachment designed to execute malicious VBA code that downloads and runs a secondary payload.

Heuristics 4

ClamAV: Xls.Dropper.Valyria-10030821-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.Valyria-10030821-0
VBA project inside OOXML medium OOXML_VBA

Document contains vbaProject.bin — VBA macros present
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object
Large OOXML part skipped info SCAN_INCOMPLETE

One or more high-value OOXML parts exceeded the scanner's per-entry size cap and may not have been fully inspected.

Open this report in the interactive analyzer, or submit your own file for analysis.