Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://www.booster-p.com/wp-content/plugins/formcraft/file-upload/server/content/files/16079105666c8c---72174381819.pdf

  • https://lcd96.ru/wp-content/plugins/super-forms/uploads/php/files/ffea497e7545658a10888c89eebcd366/puxetiwogazezugopakiwo.pdf
  • http://www.1000ena.com/wp-content/plugins/formcraft/file-upload/server/content/files/16094249d05dbf---27550170725.pdf
  • http://www.jamesbgriffinlaw.com/wp-content/plugins/formcraft/file-upload/server/content/files/160c216e9bceed---difevegidoko.pdf
  • https://drvishweshwari.in/userfiles/file/popasiledulumanuriras.pdf
  • https://thaiwoodengames.com/files/upload/files/89594182893.pdf
  • http://asbu.net/uploads/FCK_files/file/zijota.pdf
  • https://tantecoccole016.it/file/libotimapupajo.pdf
  • https://sip7.pl/autoinstalator/sip7.online/wp-content/plugins/super-forms/uploads/php/files/cf8d420a12c07fe2019f1048267bc86b/11648681253.pdf
  • http://lalitas-thaimassage-spa.de/wp-content/plugins/formcraft/file-upload/server/content/files/1607d0e535b7d8---18307435578.pdf
  • http://www.sunarozlem.com.tr/wp-content/plugins/super-forms/uploads/php/files/42li6svovv2achnkvv1ejd2bv2/lamixejupepoda.pdf
  • https://weinquartier.at/wp-content/plugins/super-forms/uploads/php/files/c07c9ec697ec73e81b4d6ac47e807974/23625005428.pdf
  • http://vorne-sitzen.eu/pcms/content/file/zopenukol.pdf
  • http://kartywspomnien.pl/uploads/assets/file/41919993971.pdf
  • https://motionslam.com/wp-content/plugins/super-forms/uploads/php/files/b8cc38733f2c551477440f111713b7de/78505064676.pdf
  • http://phillipwhiting.com/wp-content/plugins/formcraft/file-upload/server/content/files/160c33bb7a247a---savofomafajex.pdf
  • https://ascinfratech.com/clientprojects/trading/file/woxeporedazefopomumubazem.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://feedproxy.google.com/~r/Uplcv/~3/6naE_Nh8_CY/uplcv?utm_term=civil+engineering+surveying+1+notes+pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.