Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://soxebez.ru/award?keyword=bridges+in+mathematics+grade+5+home+connections+pdf

  • https://static.s123-cdn-static.com/uploads/4476015/normal_5fe2719887b87.pdf
  • https://static.s123-cdn-static.com/uploads/4413583/normal_5ffa9402d1d38.pdf
  • https://cdn-cms.f-static.net/uploads/4485569/normal_605d386f2e278.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://batubegirego.rf.gd/backbeat_fit_500_manual.pdf
  • https://s3.amazonaws.com/vuforewebub/comedy_videos_free_3gp.pdf
  • https://46c19374-600d-43be-a5f2-d8bf07c6fddf.filesusr.com/ugd/cc94a4_14121aa68f4348c7a8cb4e6ea0a9b5f0.pdf?index=true
  • https://s3.amazonaws.com/wuxupewu/teaching_methods_philosophy_of_education.pdf
  • https://uploads.strikinglycdn.com/files/9917118e-61d3-4de3-8bf9-c6c2954b34e5/14637206626.pdf
  • https://s3.amazonaws.com/wezukep/jisatexinovidufak.pdf
  • http://gaviguxugopa.rf.gd/46455868833.pdf
  • https://s3.amazonaws.com/rizoli/ssr_125_custom_parts.pdf
  • https://s3.amazonaws.com/mibiwivanetuj/7956959754.pdf
  • https://00407fa8-a9ef-4b78-9bbe-46147fc8acf6.filesusr.com/ugd/5ecadc_56a49fc390c44d68a719d20cf5e1c3d0.pdf?index=true
  • https://uploads.strikinglycdn.com/files/4f981a69-1111-471f-85cf-ff2fdbe2cd65/kowapeven.pdf
  • https://ff19a39e-637c-4fc6-80cc-750024e8dd37.filesusr.com/ugd/d217e2_e55fa0ec2182403ebaa065b11c2995e2.pdf?index=true
  • https://uploads.strikinglycdn.com/files/21ba80b5-b69a-4e69-a207-0689447bb49e/can_i_use_a_portable_air_conditioner_without_a_window.pdf
  • http://vimedunofonuw.rf.gd/63785299210.pdf
  • https://efed9c07-4553-4484-a419-1b844d271aeb.filesusr.com/ugd/6f475a_3a111c5c3f4b4140943da40567e59953.pdf?index=true
  • https://dcc20dec-0195-4543-b617-cfb82efd15f0.filesusr.com/ugd/30ea26_788abb47c82b473eafc0e4a6f1dfe1ec.pdf?index=true
  • https://53f03ce6-db0b-4f41-9bfc-6956ba41e1f4.filesusr.com/ugd/727e0f_940f53ca5e3b4f2e890668869c27cac5.pdf?index=true
  • http://bupojawepuda.epizy.com/budget_2020_income_tax_changes.pdf
  • http://davozipakit.rf.gd/zumebisijodevufedegi.pdf
  • https://uploads.strikinglycdn.com/files/f3669408-8d45-4da5-94c9-3a7f914363a6/84150027767.pdf
  • https://uploads.strikinglycdn.com/files/1aab3c77-d203-4b89-b5f8-725b54321057/diniropujomaxifijade.pdf
  • https://746420f6-3007-491b-ba72-fd43be5094e5.filesusr.com/ugd/277b62_28c52d941a184f869a59051579410284.pdf?index=true
  • https://f421159b-d329-41e8-bc42-072bc93e4c50.filesusr.com/ugd/65d6f7_4016da87364440ae91686d840deb0904.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.