MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by a machine learning classifier and ClamAV, indicating a high likelihood of malicious intent. The presence of an external URI pointing to 'vilenefex.ru' suggests a phishing or credential harvesting attempt. Although no scripts were explicitly extracted, the PDF structure and the ML detection point towards a malicious document designed to trick users into visiting a compromised URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://vilenefex.ru/award?keyword=centralismo+y+federalismo+en+colombia+pdf
- https://cdn.sqhk.co/jozopotuwomo/hgKigjs/best_2020_tv_under_1000.pdf
- http://gejejasofubi.mywebcommunity.org/9646201976.pdf
- https://cdn.sqhk.co/temetixufuxi/FYjeDQv/26180808453.pdf
- http://tasiperop.medianewsonline.com/alternative_investments_caia_level_i.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://lepopate.epizy.com/castrol_gtx_20w50.pdf
- https://ce099f17-eb12-430b-a452-8d789b3ee5a8.filesusr.com/ugd/aef5b7_fa71bc9d562f49c7bb10c7ae44989ae1.pdf?index=true
- https://d670dda7-df53-4ef1-8eda-d3256df28744.filesusr.com/ugd/dbbbec_dbd3cdf1eae84cb2b2963d90e0e556c5.pdf?index=true
- https://s3.amazonaws.com/webipejonavuv/gamagobojajedekorudoga.pdf
- https://s3.amazonaws.com/vazisi/dunitinasubanevogiged.pdf
- http://fidajakafitota.epizy.com/the_man_who_couldnt_stop_summary.pdf
- http://xobikiganerewen.rf.gd/letter_format_for_industrial_training.pdf
- http://zamutodud.rf.gd/jomovate.pdf
- http://tikisomoxo.epizy.com/autocad_lisp_commands_free.pdf
- http://kajomeki.epizy.com/71684989719.pdf
- https://c6de0af5-2a4c-46da-924c-839bccb102c6.filesusr.com/ugd/5f1f0f_55d83a002c404f9ea228fb57ed3dc7f1.pdf?index=true
- https://c8070bf9-ed42-4c5d-8eb8-ca35ee70f136.filesusr.com/ugd/d38238_2d68625a6dc94fc89a96b62b7c73fdca.pdf?index=true
- http://pizitibasowu.atwebpages.com/biosecurity_peternakan_sapi.pdf
- http://fepexunigamof.rf.gd/access_database_query_date_format.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
- http://dejavu.sourceforge.net
- http://dejavu.sourceforge.net/wiki/index.php/License
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ea22.bindd72c65b987b2a6295b7870ddf43456acb7af6ad5950e5b1fd25055527b17ca1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEA22 | 5448 bytes |
font_01_sfnt_off0000fc94.bin43012a07b299f8fd8a513b728ca92cfc0fa90e4a09c7f21fc7640e77e378559e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC94 | 10668 bytes |
font_02_sfnt_off00012125.bin9af6fc3bf9d751f70540aea0fa47faa159a3604992cda23d2adcda3ffc5346b2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12125 | 16092 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.