Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URI pointing to a suspicious domain, vilenefex.ru, which is likely part of a phishing or malware distribution scheme. The ML classifier and ClamAV detection strongly indicate malicious intent. The document body, though heavily obfuscated, contains text fragments that suggest a lure related to 'kaizen' and 'amelioration'.
Machine Learning
- Nyx PDF Classifier malicious score 0.9852
Heuristics (4)
- ClamAV detection (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file with PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- https://vilenefex.ru/award?keyword=am%25C3%25A9lioration+continue+kaizen+pdf
- https://cdn-cms.f-static.net/uploads/4404976/normal_5fda49dddf662.pdf
- http://italywom.space/184397312060jy54.pdf
- https://cdn-cms.f-static.net/uploads/4410191/normal_5fe7450f57a9e.pdf
- http://wovugikanagak.scienceontheweb.net/jimivuvowenatuxozavanuju.pdf
- https://static.s123-cdn-static.com/uploads/4381976/normal_6004e8dc32589.pdf
- http://titanof-filtr.ru/wutetodolim0f1.pdf
- http://iglivesupportteam.com/2748057794qkof7.pdf
- https://static.s123-cdn-static.com/uploads/4407780/normal_5ffc685dc3e3c.pdf
- http://czecheducation.space/tosurijasumetuga2dpqg.pdf
- https://cdn-cms.f-static.net/uploads/4450421/normal_601843eebb176.pdf
- http://pedrons.space/viwafalonorifuzinukedima8t8hm.pdf
- http://temppicture.xyz/coriolis_flow_meter_installation_guidengrsx.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://www.daltonmaag.com/
- https://uploads.strikinglycdn.com/files/217bcd28-d420-4b20-ae89-f6660dad6e6f/big_little_lies_season_2_episode_3_reddit.pdf
- https://uploads.strikinglycdn.com/files/0b415f0f-f4cb-4b0f-b086-47d021596a29/average_salary_for_graphic_designer_in_chicago.pdf
- https://uploads.strikinglycdn.com/files/203563d2-c471-4ea6-9825-7eb22139ced6/covers_of_carry_on_wayward_son.pdf
- http://fojakosi.atwebpages.com/zasakotexonaxapa.pdf
- https://uploads.strikinglycdn.com/files/f386afb5-f213-46dd-822e-8b7ca94d2661/25261009435.pdf
- https://5fdaa9e0-ad6d-443b-8779-beb8e45026dc.filesusr.com/ugd/05301a_286f1d12487a4eaf87efcf2188b58077.pdf?index=true
- https://09ec9d85-9312-4337-94d0-b84080e05f2e.filesusr.com/ugd/ac0094_9fd54bc1d8ad461a9f4c95581992b08b.pdf?index=true
- http://scripts.sil.org/OFL
Extracted artifacts (4)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000eb5b.bin | 986fa57af87e19ba0aa29e0d85a3b99c3dbdcd01aef820a02310a3cf2e479d79 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEB5B | 5948 bytes |
| font_01_sfnt_off0000ffad.bin | 952cc7ac34dde5119f94d5a17ee461ea3dfc9bd5df64c25511bfff8a7b53a48b | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFAD | 5252 bytes |
| font_02_sfnt_off0001112e.bin | be0c55d3a4b9446d4c61ccd0d99a53dba617dd0703e1aa2a172ecd02b4cfdaf6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1112E | 13332 bytes |
| font_03_sfnt_off00013aed.bin | 9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13AED | 4324 bytes |