MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
A heuristic fired on an external URI in the PDF pointing to 'vilenefex.ru', which is flagged as malicious. Additionally, a critical heuristic indicates a PDF link farm with numerous external links, suggesting a phishing or SEO spamming attempt. The ML classifier and the ClamAV detection strongly support the malicious nature of this PDF. The document body, though heavily obfuscated, contains the URL 'https://vilenefex.ru/strik?utm_term=can+i+get+free+psn+codes', reinforcing the phishing lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI [info, PDF_URI]: PDF contains an external URL action
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://vilenefex.ru/strik?utm_term=can+i+get+free+psn+codes (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00011a5a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11A5A | 5196 bytes | 3c57d5923dea97f3079f316df34bfefeaeee1c9853c63e2a706f693f679677fb |
| font_01_sfnt_off00012c18.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12C18 | 12372 bytes | fddf3f41c4fb416ba2ca07674eccae3bdd9547ec01c174d8a65b6300eaadecae |