MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to 'vilenefex.ru', which is likely the destination for a phishing or malware distribution attempt. The document body, though heavily obfuscated, suggests a lure related to 'Screenwriting tips for beginners'.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://vilenefex.ru/strik?utm_term=screenwriting+tips+for+beginners
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ed97.bin 4353e4a54b638a1b759b6632c7da3affec9bf7c958d3eb39a7170237584d670b | pdf-font-stream | PDF embedded font (sfnt) at offset 0xED97 | 5276 bytes |
| font_01_sfnt_off0000ffb5.bin 7915667049225199df23c76c750f2d66523fc0b7c6f58a0f8d71ae1a420c7003 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFB5 | 10884 bytes |