Phardera Office (OLE) malware analysis — malicious · a41621adc5780d65

MALICIOUS

Office (OLE)

13.5 KB Created: 1996-10-07 22:50:00 Authoring application: Microsoft Word for Windows 95 First seen: 2012-06-14

MD5: 0d9e88db2192c81672ab3d151e5e0217 SHA-1: 2df960300a129ee81773f68c87d8a830ecd956f6 SHA-256: a41621adc5780d65255818383a6502c078e93ffb0e8a6a76d91b509669bc458b

80 Risk Score

Malware Insights

Phardera · confidence 90%

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Doc.Trojan.Phardera-1. The presence of a legacy WordBasic auto-exec macro marker (FileOpen) indicates that the document is designed to automatically execute code upon opening. This macro likely attempts to exploit vulnerabilities or download additional payloads, consistent with the Phardera family's known behavior.

Heuristics 2

ClamAV: Doc.Trojan.Phardera-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Trojan.Phardera-1
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.

Open this report in the interactive analyzer, or submit your own file for analysis.