Xls.Dropper.Valyria-10030821-0 — Office (OOXML) / .XLSM malware analysis

Static analysis result for SHA-256 df14a9b72f7d050a…

MALICIOUS

Office (OOXML) / .XLSM

File size: 2.66 MB
Created: 2020-02-01 18:28:07 UTC
Authoring application: Microsoft Excel 12.0000
MD5: 5b6c6a726f3698c9fadccad2f7067bbb
SHA-1: 6590d84b654c866bb7f2630a85e8473ebfa8d96b
SHA-256: df14a9b72f7d050a1f00630d191acca3399551238c53f8878bcfc4e7c0cd77e3
Risk Score: 102

Malware Insights

Xls.Dropper.Valyria-10030821-0 · confidence 95%

MITRE ATT&CK
  • T1059 Command and Scripting Interpreter
  • T1059.005 Visual Basic

The file is an XLSM document identified by ClamAV as Xls.Dropper.Valyria-10030821-0. Static analysis revealed the presence of VBA macros and an embedded OLE object, which are common techniques for delivering malicious payloads. The critical ClamAV detection strongly suggests this file acts as a dropper for further malicious activity.

Heuristics (4)

  • ClamAV: Xls.Dropper.Valyria-10030821-0 [severity: critical, rule: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.Valyria-10030821-0
  • VBA project inside OOXML [severity: medium, rule: OOXML_VBA]
    Document contains vbaProject.bin (VBA macros present)
  • Embedded OLE object [severity: medium, rule: OOXML_OLE_OBJECT]
    Document contains an embedded OLE object
  • Large OOXML part skipped [severity: info, rule: SCAN_INCOMPLETE]
    One or more high-value OOXML parts exceeded the scanner's per-entry size cap and may not have been fully inspected.