Office (OLE) malware analysis — malicious · a019ddf66d028da2

MALICIOUS

Office (OLE)

9.0 KB Created: 1997-04-09 16:59:00 Authoring application: Microsoft Word 6.0 First seen: 2012-06-14

MD5: 316ee31445d0da30f141506b15b15430 SHA-1: db4ab90dc0d52366dada52b26d2cbd79b97cf5ca SHA-256: a019ddf66d028da2a5f04d8012349b835811f7fe599138d1e17d6712acdc9bf2

80 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: User Execution T1059.005 Command and Scripting Interpreter: Visual Basic

The critical ClamAV heuristic indicates detection as Doc.Trojan.Phardera-1. The legacy WordBasic auto-exec marker 'FileOpen' suggests the document is designed to execute malicious code when opened, likely by leveraging the 'FileOpen' macro functionality. The presence of 'C:\PHARDERA.DOC' in the document body further supports this, indicating a potential path for malicious file execution or manipulation.

Heuristics 2

ClamAV: Doc.Trojan.Phardera-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Trojan.Phardera-1
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.