Phardera — Office (OLE) malware analysis

Static analysis result for SHA-256 f2abaf6476383b2c…

MALICIOUS

Office (OLE)

Size: 15.0 KB
Created: 1996-10-07 22:50:00
Authoring application: Microsoft Word for Windows 95
MD5: 0e1949fe5b435591b29307e783066681
SHA-1: c5104b0c472d55eb593ed7c759f580f6262409b5
SHA-256: f2abaf6476383b2c3a0dacf99b19bd7ced8060692838eb976152586cf6eef2e5
Risk Score: 60

Malware Insights

Phardera · confidence 95%

The file is identified as malicious by ClamAV with the signature Doc.Trojan.Phardera-1. The embedded VBA macro code, named 'FileOpen', is characteristic of the Phardera trojan, which is known to infect documents and establish persistence. The macro likely aims to infect the 'Normal.dot' template, allowing it to spread to other documents.

Heuristics (1)

  • ClamAV: Doc.Trojan.Phardera-1 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Trojan.Phardera-1