Malicious PDF — malware analysis report

Static analysis result for SHA-256 09cfa6f96e0f7385…

Verdict: MALICIOUS
File type: PDF
Size: 88.1 KB
Created: 2021-05-10 23:04:21 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 3058714b5f6f450805e53ff7f5654055
SHA-1: 6c02bd7bb041f1f6e7d75a402a3bfa69455aa371
SHA-256: 09cfa6f96e0f7385e0daa32b453ebe60588e6f0de247cd40396cd94cef2b2087
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The file is a PDF document that contains an external URI pointing to a suspicious domain, identified by ClamAV and a machine learning classifier as malicious. The document body, though heavily obfuscated, contains text related to refresh rates, suggesting a lure. The presence of an external URI indicates an attempt to download a secondary payload.

Machine Learning

  • Nyx PDF Classifier: malicious (score 0.9989)

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://resalured.ru/strik?utm_term=lg+refresh+rate+100hz
    • http://woxuruko.medianewsonline.com/gebamigerawivan.pdf
    • http://fejazeluxuz.22web.org/alice_in_wonderland_tagalog.pdf
    • http://mibikazut.mypressonline.com/25903286668.pdf
    • http://wokanetavim.iblogger.org/47217502848.pdf
    • http://zejirejajedudu.getenjoyment.net/51227366228.pdf
    • http://pametuwujikedag.iblogger.org/remington_700_sps_.270_win._24_bolt-action_rifle.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://www.daltonmaag.com/
    • https://uploads.strikinglycdn.com/files/9d362638-e226-489a-b648-69819fdf7e8f/48241654792.pdf
    • http://wadatenut.rf.gd/xuminuso.pdf
    • https://uploads.strikinglycdn.com/files/1652b8f5-783a-434d-9edb-54537923b6f9/rosemount_3051_datasheet.pdf
    • http://fukevitadej.epizy.com/80697870809.pdf
    • http://vafotuneg.rf.gd/notakibagoxaxexo.pdf
    • https://uploads.strikinglycdn.com/files/2a00dcde-3973-46e7-9d77-a932462dbcc6/how_to_build_a_moonshine_still_step_by_step.pdf
    • http://debarunuzijabe.rf.gd/activinspire_promethean_free.pdf
    • http://vawolanuxoreg.epizy.com/lilasilelotak.pdf
    • http://siroluga.epizy.com/32599414929.pdf
    • http://nowivopikuzud.epizy.com/diagnosis_of_hepatitis_c_virus.pdf
    • https://5fa60de5-32ab-41ac-ba65-77330e21e623.filesusr.com/ugd/2e16aa_ec5a8132c2584b599eb65185be7e2b04.pdf?index=true
    • http://dofavopuberobot.epizy.com/augmentative_alternative_communication_android_app.pdf
    • https://72858ab8-d36f-4bc2-b208-e5ec56e76d01.filesusr.com/ugd/3a4e0e_4fd0b583037341c7a67e217a0c004334.pdf?index=true
    • https://uploads.strikinglycdn.com/files/496447a0-3f7a-4cdc-adbc-e5d6cf52d246/winow.pdf
    • https://d45380bd-a93d-4ef2-b2bd-4c7806d1f6db.filesusr.com/ugd/5d2cf3_6280458a561d41e3b0f9ec2914f8dcec.pdf?index=true
    • https://80172413-d145-4b71-b7cf-4a007d76ad29.filesusr.com/ugd/cacfd7_e6e6bee2f6054fd6bb100fdcc9fccf1c.pdf?index=true
    • http://bojivudotafaf.epizy.com/75993410555.pdf
    • http://tomunipi.rf.gd/ralifakonadon.pdf
    • http://nuxotupasi.rf.gd/divad.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename | SHA-256 | Kind | Source | Size
font_00_sfnt_off00010bba.bin | 4ca9019cb7c519b7a15425337f349d244edaaa8d4d2b14f8611de4fc453724e5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10BBA | 4708 bytes
font_01_sfnt_off00011bd6.bin | b22109cc21ab735ef8d580866143fd4cf4abdf9ab862acf21f21e714ac4e6fd7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11BD6 | 11568 bytes
font_02_sfnt_off00014309.bin | 1062cd8ddf90f4344fa193b395386d5669df1a952e5759311ca261a71931f361 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14309 | 4324 bytes