Phardera — Office (OLE) malware analysis

Static analysis result for SHA-256 a375a97255cc04a3…

MALICIOUS

Office (OLE)

Size: 15.0 KB
Created: 1996-10-07 22:50:00
Authoring application: Microsoft Word for Windows 95
MD5: 4f85efd8da33c08f16d8e3efa66be83a
SHA-1: b7e6cba1417d30d08d5130cef479d33d411f796f
SHA-256: a375a97255cc04a3b9d52ed7fddefe334b25421604a7a48718f8730c305abff4
Risk Score: 60

Malware Insights

Phardera · confidence 85%

The file is identified as a malicious Office document by ClamAV with the signature Doc.Trojan.Phardera-1. The extracted document body contains numerous strings related to VBA macros, including function names like 'FileOpen', 'InfectGlobal', and 'FuckIt', strongly suggesting macro-based execution. The presence of 'Phardera' in the metadata and script-related strings points to the Phardera malware family. The macro code appears designed to infect documents and potentially perform other malicious actions, though specific payloads are not detailed in the provided evidence.

Heuristics (1)

  • ClamAV: Doc.Trojan.Phardera-1 (severity: critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Trojan.Phardera-1