Malware distributed disguised as a '2021 Ministry of National Defense Work Report Revision' document

2021-02-03 AhnLab: Spreading malicious code disguised as a '2021 Ministry of Defense Business Report Revision' document

https://asec.ahnlab.com/ko/20057


ASEC observed malware distributed as a PIF executable disguised as a revised 2021 Ministry of National Defense work-report document. When run, the file displayed a legitimate PDF copied from the ministry website while silently dropping a malicious DLL at C:\ProgramData\Intel\Driver\driver.cfg. The DLL was executed with regsvr32.exe and persisted through a scheduled task named Disk0 that ran every 30 minutes. The sample was compiled on January 23, 2021 and was expected to contact attacker-controlled C2 infrastructure at exchange.amikbvx.cf and imap.pamik.cf for further commands, with two hashes and AhnLab detections provided for tracking.

Indicators of Compromise

Type    Value                               First Seen   Last Seen
HASH    7e041b101e1e574fb81f3f0cdf1c72b8    2021-02-03   2021-06-23
HASH    447163d776b62bf0b1c652c996cc0586    2021-02-03   2021-02-03
URL     http://exchange.amikbvx.cf/         2021-02-03   2021-02-03
URL     http://imap.pamik.cf/               2021-02-03   2021-02-03
DOMAIN  imap.pamik.cf                       2021-02-03   2021-02-03
DOMAIN  exchange.amikbvx.cf                 2021-02-03   2021-02-03
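The summary above and the indicator table are enough to write a small hunting rule. The following Python script is an added example, not code from the ASEC report: it runs the report's indicators (hashes, C2 domains, drop path, task name) plus two behavioural checks the report implies (regsvr32 registering a non-.dll file from a user-writable directory, and a minute-interval scheduled task that launches regsvr32) over a few constructed JSON-lines telemetry records. The event field names (`event`, `image`, `command_line`, `target`, `md5`, `query`) are assumptions for illustration, not any real product's schema, and the sample records are constructed; the report does not say which of its two hashes belongs to the dropped DLL, so attaching one to the file_create record is illustrative only.

```python
import json
import re

# Indicators taken from the report above (ASEC, 2021-02-03).
IOC_MD5 = {
    "7e041b101e1e574fb81f3f0cdf1c72b8",
    "447163d776b62bf0b1c652c996cc0586",
}
IOC_DOMAINS = {"exchange.amikbvx.cf", "imap.pamik.cf"}
IOC_DROP_PATH = r"c:\programdata\intel\driver\driver.cfg"
IOC_TASK_NAME = "disk0"

# Behavioural rule: regsvr32 registering a file whose extension is not .dll/.ocx
# from a user-writable location is unusual even when the exact IoC changes.
REGSVR32_ARG = re.compile(r'"?([a-z]:\\[^"\s]+)"?', re.IGNORECASE)
SUSPICIOUS_DIRS = ("c:\\programdata\\", "c:\\users\\")


def _normalize(path: str) -> str:
    """Strip surrounding quotes and lower-case a Windows path for comparison."""
    return path.strip('"').lower()


def check_event(event: dict) -> list[str]:
    """Return a list of finding strings for one telemetry record (empty if clean)."""
    findings = []
    kind = event.get("event")
    if kind == "process_create":
        image = _normalize(event.get("image", ""))
        cmd = event.get("command_line", "")
        cmd_l = cmd.lower()
        if image.endswith("\\regsvr32.exe"):
            for arg in REGSVR32_ARG.findall(cmd):
                p = _normalize(arg)
                if p == IOC_DROP_PATH:
                    findings.append(f"IOC: regsvr32 loading known dropped DLL {p}")
                elif p.startswith(SUSPICIOUS_DIRS) and not p.endswith((".dll", ".ocx")):
                    findings.append(f"BEHAVIOUR: regsvr32 loading non-DLL extension from {p}")
        if image.endswith("\\schtasks.exe") and "/create" in cmd_l:
            m = re.search(r"/tn\s+\"?([^\"\s]+)", cmd, re.IGNORECASE)
            task = m.group(1).lower() if m else ""
            if task == IOC_TASK_NAME:
                findings.append(f"IOC: scheduled task named {m.group(1)} created")
            if "regsvr32" in cmd_l and re.search(r"/sc\s+minute", cmd_l):
                findings.append("BEHAVIOUR: minute-interval scheduled task running regsvr32")
    elif kind == "file_create":
        if _normalize(event.get("target", "")) == IOC_DROP_PATH:
            findings.append(f"IOC: file written at {event['target']}")
        md5 = event.get("md5", "").lower()
        if md5 in IOC_MD5:
            findings.append(f"IOC: file hash {md5} matches report")
    elif kind == "dns_query":
        q = event.get("query", "").lower().rstrip(".")
        if q in IOC_DOMAINS:
            findings.append(f"IOC: DNS query for C2 domain {q}")
    return findings


def scan(log_text: str) -> list[tuple[int, str]]:
    """Parse JSON-lines telemetry and return (line_number, finding) pairs."""
    results = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        for finding in check_event(json.loads(line)):
            results.append((n, finding))
    return results


# Constructed sample telemetry (not from the report), modelled on the behaviour
# it describes; the last two lines are benign activity that must not fire.
SAMPLE_LOG = r"""
{"event": "file_create", "image": "C:\\Users\\user\\Downloads\\2021_report.pif", "target": "C:\\ProgramData\\Intel\\Driver\\driver.cfg", "md5": "447163d776b62bf0b1c652c996cc0586"}
{"event": "process_create", "image": "C:\\Windows\\System32\\regsvr32.exe", "command_line": "regsvr32.exe /s \"C:\\ProgramData\\Intel\\Driver\\driver.cfg\""}
{"event": "process_create", "image": "C:\\Windows\\System32\\schtasks.exe", "command_line": "schtasks /create /tn Disk0 /tr \"regsvr32.exe /s C:\\ProgramData\\Intel\\Driver\\driver.cfg\" /sc minute /mo 30"}
{"event": "dns_query", "image": "C:\\Windows\\System32\\regsvr32.exe", "query": "exchange.amikbvx.cf"}
{"event": "process_create", "image": "C:\\Windows\\System32\\regsvr32.exe", "command_line": "regsvr32.exe /s C:\\Windows\\System32\\msxml3.dll"}
{"event": "dns_query", "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "query": "www.example.org"}
""".strip()


if __name__ == "__main__":
    for line_no, finding in scan(SAMPLE_LOG):
        print(f"line {line_no}: {finding}")
```

The two BEHAVIOUR rules are the ones worth keeping after the specific domains and hashes are retired: a .cfg (or any non-.dll extension) handed to regsvr32 from ProgramData, and a short-interval task whose action is regsvr32, are both rare in normal administration and cheap to alert on.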
