Xls.Dropper.Valyria-10030821-0 Office (OOXML) / .XLSM malware analysis — malicious · dd6784ac60b0c12e

MALICIOUS

Office (OOXML) / .XLSM

2.05 MB Created: 2020-02-01 18:28:07 UTC Authoring application: Microsoft Excel 12.0000

MD5: 22917f2541a92bd62db9f3eec2d8791a SHA-1: d789882cd93e83428968fa18ba23ae11fb4cc761 SHA-256: dd6784ac60b0c12eea95173f2ea268230d1067e1704b58938682789673dbb08b

102 Risk Score

Malware Insights

Xls.Dropper.Valyria-10030821-0 · confidence 95%

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1059.005 Visual Basic

The file is an XLSM document, which is a macro-enabled Excel file. Heuristics indicate the presence of VBA macros and an embedded OLE object. ClamAV detection identifies it as 'Xls.Dropper.Valyria-10030821-0', suggesting its primary function is to drop and execute other malware. No document body or scripts were extracted, but the file type and ClamAV signature strongly suggest a malicious dropper.

Heuristics 4

ClamAV: Xls.Dropper.Valyria-10030821-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.Valyria-10030821-0
VBA project inside OOXML medium OOXML_VBA

Document contains vbaProject.bin — VBA macros present
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object
Large OOXML part skipped info SCAN_INCOMPLETE

One or more high-value OOXML parts exceeded the scanner's per-entry size cap and may not have been fully inspected.

Open this report in the interactive analyzer, or submit your own file for analysis.