Malicious PDF — malware analysis report

Static analysis result for SHA-256 063311203ca1cab0…

MALICIOUS

PDF

Size: 67.2 KB
Created: 2021-06-02 06:49:34 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: e39f244b42f2f5d837b0094c02357e1a
SHA-1: 00dd9cd2a457e092618270b7d56a99ee97b08a51
SHA-256: 063311203ca1cab00179a09ed45a1caa35a1680bf9e9070b358ece64bf777785
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was flagged by ML classifiers and ClamAV as malicious. It contains an embedded URI pointing to 'https://leonvi.ru/wb?keyword=construct%202%20tutorial', which is likely a phishing or malware distribution lure. The document body, though heavily obfuscated, contains metadata related to 'wkhtmltopdf' and 'Construct 2 tutorial', suggesting a pretext for the malicious link.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://leonvi.ru/wb?keyword=construct%202%20tutorial

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                       Kind             Source                                      Size
font_00_sfnt_off0000ccc3.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0xCCC3   4828 bytes
  SHA-256: 38936bf91308c06d3e6c6c6f2865acee9474224dc18f31c68264d899f7cbd376
font_01_sfnt_off0000dd35.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0xDD35   10064 bytes
  SHA-256: 2b164ee1d0260016421662a2cbe3caefe125e981d97e2d80dbcdca463b558189