MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, specifically identified as a phishing trojan. It contains an embedded URI pointing to a suspicious domain, vilenefex.ru, which is likely intended to host a malicious payload or redirect the user to a phishing site. The document body, though heavily obfuscated, appears to be a lure related to 'Niv bible for android free'.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://vilenefex.ru/123?utm_term=niv+bible++for+android+free
- http://rimiminigi.22web.org/wadexetukajarokopujepat.pdf
- http://wunadimizurened.medianewsonline.com/when_was_the_kitchenaid_mixer_made.pdf
- https://cdn.sqhk.co/womafafowix/MIicZYv/hungry_shark_world_hile_apk_arivleri.pdf
- https://cdn.sqhk.co/fasegibuniz/jchiihy/color_shift_puzzle_ball.pdf
- http://silewugebed.scienceontheweb.net/access_grade_6_student_book.pdf
- https://cdn-cms.f-static.net/uploads/4371553/normal_605712400a33c.pdf
- https://cdn.sqhk.co/peluxisomex/jgiahds/directv_now_free_trial_firestick.pdf
- https://cdn.sqhk.co/gawukale/hihawL8/xitepakirigejuzujalekigiv.pdf
- https://static.s123-cdn-static.com/uploads/4469643/normal_5ffb8ca0bfbda.pdf
- https://cdn.sqhk.co/patagarinixa/eRicpgg/27608747580.pdf
- http://xadexawufomovi.sportsontheweb.net/teenage_romance_books.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://fizenigapajawak.epizy.com/fedex_tracking_contact_number_near_me.pdf
- https://s3.amazonaws.com/ladiwuzetawedi/xeleragedawiku.pdf
- https://s3.amazonaws.com/dazuxujepov/incident_report_sample_letter_school.pdf
- http://guzeberipavol.rf.gd/meforizasatakalakajiri.pdf
- https://s3.amazonaws.com/fezenur/75850386397.pdf
- https://s3.amazonaws.com/xazarujokemus/bowezudukeses.pdf
- https://s3.amazonaws.com/tomaxade/bootstrap_contact_form_html_code.pdf
- https://s3.amazonaws.com/gosete/2008_ford_escape_oil_type.pdf
- https://s3.amazonaws.com/bagisi/niwus.pdf
- https://s3.amazonaws.com/satulibaren/davis_vantage_vue_transmitter_battery.pdf
- https://s3.amazonaws.com/gavobawum/gasket_sheet_near_me.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e7c3.bin359dd8eab626b01850b9d40e7ba4b4e11319fa71b7b0d943a2ab345d3eaf8c13 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE7C3 | 4892 bytes |
font_01_sfnt_off0000f87b.bin6535e230252680eea26b893d90293a574ea541baef3f5e15f46a1138e82cacbb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF87B | 11092 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.