Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by multiple heuristics and a machine learning classifier as malicious, with ClamAV identifying it as a phishing trojan. The embedded URL 'https://vilenefex.ru/123?utm_term=android+device+frame+png' is likely used to redirect the user to a malicious site. The document body contains garbled text, suggesting it may be obfuscated or intended to be rendered in a specific way by an exploit.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION] ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI [info, PDF_URI] PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL] The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL] One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://vilenefex.ru/123?utm_term=android+device+frame+png
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000fef7.bin | 1d1f02cf0d3f1e484540c85c85ef5b44263957b6cfb7c9430b7e67b22fe5402f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFEF7 | 5312 bytes |
| font_01_sfnt_off00011100.bin | bd91105b58ae805c51520cdf886532e1231ad9016a2f8c04241aee8d7ddb53eb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11100 | 11272 bytes |