Verdict: MALICIOUS
Risk Score: 96

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The presence of an external URI pointing to 'vilenefex.ru' suggests the document is designed to redirect users to a potentially harmful site. Although no scripts were explicitly extracted, the PDF structure and embedded URLs are indicative of a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics (4)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://vilenefex.ru/strik?utm_term=how+to+lock+braun+series+9
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00012d59.bin | 81f2138562c0e440887d68ae5742376bc6f966d12e0fc3b4115a6251aa113aa6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12D59 | 5088 bytes |
| font_01_sfnt_off00013eb2.bin | 72cf99fe32fb3dd0b59508cb9b77cece34955814b3e7ad876f215309584ea395 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13EB2 | 11584 bytes |
| font_02_sfnt_off00016584.bin | ff5f0ef16caf3e97cd1984b3a03ea88e11eab8cf63d2ee006085a4b9995833f3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16584 | 4324 bytes |