MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. An external URI pointing to 'vilenefex.ru' was extracted, suggesting a potential phishing or malware download lure. The document body, though heavily obfuscated, contains metadata related to 'wkhtmltopdf' and a date, which might be part of a larger lure or exploit chain.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://vilenefex.ru/award?keyword=giddens+the+consequences+of+modernity+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000dfad.bin 47be2ed91c466b03be8bca3ec67d599676fd1b9c5955858a6b5a12019094636c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDFAD | 5412 bytes |
| font_01_sfnt_off0000f1f9.bin 89a157418a4f442c0fd4c97d82d2ae38d74d592a0450265ce653f9125629e889 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF1F9 | 9796 bytes |