Hi wroot,
Thanks for the post. I can confirm that those files are absolutely detected as W97M.Downloader with any definitions from Rapid Release Sequence 179557 or higher.
https://www.virustotal.com/en/file/a3563f0984cd2a9abd9d30de72445765abd2b7acf46b5e41abaf3e656793d78e/analysis/
https://www.virustotal.com/en/file/40e087cf67ccc4cb2fae38113965dddd3f3ba5e6fe8b6ac8cf4782d5fb933c6d/analysis/
This article can help you check if the certified definitons include that protection:
Sequence Makes Sense
https://www.symantec.com/connect/articles/sequence-makes-sense
There are hundreds of millions of distinct malicious macro spam messages in circulation. Every day there are countless new variants in terms of file name, hash, message body, URL links from which different malware is downloaded when an end user is tricked into enabling macros and clicking.... Take precautions to harden your defenses and educate end users to reduce the risk that your organization will be damaged!
Support Perspective: W97M.Downloader Battle Plan
https://www-secure.symantec.com/connect/articles/support-perspective-w97mdownloader-battle-plan
Please do keep this thread up-to-date with your progress, or mark it solved if you have received your answer! &: )
With thanks and best regards,
Mick