Valyria Office (OOXML) / .XLSM malware analysis — malicious · e0c9c16c4d7cd53b

MALICIOUS

Office (OOXML) / .XLSM

2.06 MB Created: 2020-02-01 18:28:07 UTC Authoring application: Microsoft Excel 12.0000

MD5: aff2c78f7ab70e1aee2d7b159a11ca16 SHA-1: ef52f6065a0389dd491d4c9b805d9531cd5759a9 SHA-256: e0c9c16c4d7cd53ba9c4e56058f0ee4a84972d93065689a0efe90d0eeaf2c28b

102 Risk Score

Malware Insights

Valyria · confidence 95%

MITRE ATT&CK

T1059.005 Visual Basic for Applications T1204.002 Malicious File

The file is an XLSM document containing VBA macros, as indicated by the OOXML_VBA heuristic. ClamAV detection identifies it as 'Xls.Dropper.Valyria-10030821-0', suggesting it functions as a dropper. The presence of an embedded OLE object further supports its malicious nature. The primary function appears to be downloading and executing a second-stage payload.

Heuristics 4

ClamAV: Xls.Dropper.Valyria-10030821-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.Valyria-10030821-0
VBA project inside OOXML medium OOXML_VBA

Document contains vbaProject.bin — VBA macros present
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object
Large OOXML part skipped info SCAN_INCOMPLETE

One or more high-value OOXML parts exceeded the scanner's per-entry size cap and may not have been fully inspected.

Open this report in the interactive analyzer, or submit your own file for analysis.