Malicious PDF — malware analysis report

Static analysis result for SHA-256 0ec5ca353d17fa46…

Verdict: MALICIOUS
File type: PDF
Size: 77.6 KB
Created: 2021-03-08 23:04:38 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 5a11e969f298fa74530a279b12f053f6
SHA-1: 995cdd74e23e3ef28ab3803a7612cb48d6b32d7f
SHA-256: 0ec5ca353d17fa469e9b6eb08a46f9e9bc747acddc77ff21222f255b26b13ed9
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

ClamAV and an ML classifier both flag this PDF as malicious. It carries an external URI action pointing to jumiwimov.ru, a domain consistent with a phishing or malware-distribution landing page. The link's utm_term ('how to help my child with gymnastics') matches the gymnastics-themed text in the document body, which, though heavily obfuscated, reads as a search-engine lure; the authoring application (wkhtmltopdf) indicates the file was rendered from an HTML page, so the link annotation most likely originates from an anchor on that page. The remaining extracted links point at further PDFs on free hosting (weebly.com, strikinglycdn.com, f-static.net, S3 buckets) and are typical of the same lure network. Note that the heuristics below record no JavaScript action in the file, so the T1059.007 mapping is not corroborated by the listed findings; the URI action is the primary indicator.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV matched the signature named above.
  • External URI (info, PDF_URI)
    The PDF contains an external URL action (a link whose /A dictionary has /S /URI); this is the channel that reaches the jumiwimov.ru URL listed below.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Of the entries below, the final seven (w3.org, purl.org, ns.adobe.com, scripts.sil.org/OFL) are XMP namespace identifiers and the SIL Open Font License URL taken from document or font metadata, not navigable links, and the ascendercorp.com entries appear to come from the metadata of the two embedded sfnt fonts listed under Extracted artifacts.
    URL reached via the URI action: https://jumiwimov.ru/strik?utm_term=how+to+help+my+child+with+gymnastics
    Other URLs extracted from the document body and metadata:
    • https://wewiruvikaju.weebly.com/uploads/1/3/0/7/130775929/cac913e.pdf
    • https://vozuviwugil.weebly.com/uploads/1/3/2/6/132681927/busonidanowobo.pdf
    • http://viniveba.mywebcommunity.org/sijeweviraj.pdf
    • https://lobalose.weebly.com/uploads/1/3/6/0/136089755/9665016.pdf
    • https://cdn-cms.f-static.net/uploads/4495973/normal_5fd1d74a07c89.pdf
    • https://cdn-cms.f-static.net/uploads/4499958/normal_60304094309bb.pdf
    • https://getenulezawo.weebly.com/uploads/1/3/4/8/134897364/5026957.pdf
    • http://viniveba.mywebcommunity.org/ninupoxowoduru.pdf
    • https://static.s123-cdn-static.com/uploads/4427781/normal_600905ab55687.pdf
    • https://bazojosazim.weebly.com/uploads/1/3/6/0/136086377/lovuvadava_xivotixuran_kodawuno.pdf
    • https://cdn-cms.f-static.net/uploads/4365660/normal_6039cd23d48f2.pdf
    • https://static.s123-cdn-static.com/uploads/4449411/normal_5ff11599dba32.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://s3.amazonaws.com/rowubunak/week_3_battlestar_season_8_cheat_sheet.pdf
    • https://s3.amazonaws.com/tidigudetefumof/gifujupanokiwugu.pdf
    • https://s3.amazonaws.com/wejuvono/sad_gif_free.pdf
    • https://uploads.strikinglycdn.com/files/542a5951-4d3a-48aa-9ed1-271a26eeacfc/50_laws_of_power_book.pdf
    • https://uploads.strikinglycdn.com/files/2770d41d-e914-4ac6-a1af-3ee0db41a598/how_to_find_standard_deviation_on_ti-30x2s.pdf
    • https://uploads.strikinglycdn.com/files/c3c8c1a7-ff78-4bdc-8088-23470aa58a4c/is_junie_b_jones_dead.pdf
    • https://uploads.strikinglycdn.com/files/76f152e5-4b69-44be-9677-08da8181a695/mixed_nash_equilibrium_solver.pdf
    • https://uploads.strikinglycdn.com/files/603ed528-a371-48bb-a0ef-7b7082c054a3/2015_international_prostar_warn_engine_light.pdf
    • https://uploads.strikinglycdn.com/files/7f3147f2-eca5-4042-95a0-ddb7ae1ef634/rapolafuxixopodijel.pdf
    • https://uploads.strikinglycdn.com/files/ae038f43-07ec-45eb-bf84-e0170b70619f/34539041164.pdf
    • https://s3.amazonaws.com/vawoginele/88227761044.pdf
    • http://bagugexasorip.myartsonline.com/72723161606.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
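The two structural findings above, the external URI action and the object number defined twice with different bodies, can be reproduced with a small byte-level scanner. The following is an added example written for this page; it is not part of the report's analysis pipeline or of ClamAV, and all function names in it are the example's own. It runs over a PDF constructed inline for the example (not the analysed sample) in which object 4 0, a link annotation, is redefined in an incremental update so that a first-wins reader and a last-wins reader resolve different /URI targets. The constructed file omits cross-reference tables and stream lengths, since the scanner never consults them.

```python
import re
from collections import defaultdict

# Constructed sample for this example (not the analysed file): a one-page PDF
# whose link annotation (object 4 0) is redefined in an incremental update so
# that the two definitions carry different /URI targets. Xref tables and
# stream lengths are omitted because this scanner works on raw bytes, which
# is exactly why it sees both definitions.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A << /S /URI /URI (https://example.org/benign) >> >> endobj
5 0 obj << /Type /Metadata /Subtype /XML >> stream
<x:xmpmeta xmlns:x="adobe:ns:meta/" xmlns:pdf="http://ns.adobe.com/pdf/1.3/"/>
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A << /S /URI /URI (https://attacker.invalid/lure) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")          # /URI (...) literal strings
HTTP_RE = re.compile(rb"https?://[^\s\"'<>()]+")                # bare URLs inside XMP metadata
ACTIVE_RE = re.compile(rb"/(URI|JavaScript|JS|Launch|OpenAction|AA|SubmitForm)\b")


def parse_objects(data):
    """Every `N G obj ... endobj` body in file order, redefinitions included."""
    return [(int(m.group(1)), int(m.group(2)), m.group(3).strip())
            for m in OBJ_RE.finditer(data)]


def duplicate_bodies(objs):
    """(num, gen) -> list of bodies for objects defined more than once with differing bytes."""
    seen = defaultdict(list)
    for num, gen, body in objs:
        seen[(num, gen)].append(body)
    return {key: bodies for key, bodies in seen.items() if len(set(bodies)) > 1}


def active_duplicates(dups):
    """Subset of duplicates where at least one definition carries an action or script key."""
    return {key: bodies for key, bodies in dups.items()
            if any(ACTIVE_RE.search(b) for b in bodies)}


def resolve(objs, num, gen, policy="last"):
    """Body that a first-wins or last-wins reader would use for (num, gen); None if undefined."""
    bodies = [b for n, g, b in objs if (n, g) == (num, gen)]
    if not bodies:
        return None
    return bodies[0] if policy == "first" else bodies[-1]


def classify_channel(body):
    """Label the object kind that carried a URL, mirroring the per-URL channel labels."""
    if re.search(rb"/Subtype\s*/Link\b", body):
        return "link_annotation"
    if re.search(rb"/S\s*/URI\b", body):
        return "uri_action"
    if re.search(rb"/Type\s*/Metadata\b", body):
        return "xmp_metadata"
    return "other"


def extract_uris(objs):
    """(url, channel, num, gen) for every URL, labelled by the object that carried it."""
    found = []
    for num, gen, body in objs:
        channel = classify_channel(body)
        urls = HTTP_RE.findall(body) if channel == "xmp_metadata" else URI_RE.findall(body)
        found.extend((u.decode("latin-1"), channel, num, gen) for u in urls)
    return found


def triage(data):
    """Run both checks and return what a reader of each policy would resolve for duplicates."""
    objs = parse_objects(data)
    dups = duplicate_bodies(objs)
    return {
        "uris": extract_uris(objs),
        "duplicates": sorted(dups),
        "active_duplicates": sorted(active_duplicates(dups)),
        "first_wins": {key: resolve(objs, *key, "first") for key in dups},
        "last_wins": {key: resolve(objs, *key, "last") for key in dups},
    }


if __name__ == "__main__":
    report = triage(SAMPLE_PDF)
    for url, channel, num, gen in report["uris"]:
        print(f"{channel:16} {num} {gen} obj  {url}")
    for key in report["active_duplicates"]:
        print(f"object {key[0]} {key[1]} redefined with active content:")
        print("  first-wins ->", URI_RE.search(report["first_wins"][key]).group(1).decode())
        print("  last-wins  ->", URI_RE.search(report["last_wins"][key]).group(1).decode())
```

The scanner ignores the cross-reference table on purpose: that is what lets it see both definitions of 4 0. A conforming reader follows the xref chain (and the /Prev link of each incremental update), so for a genuine update "last-wins" is what it will do, while a reader repairing a damaged xref by scanning for `obj` keywords may take the first definition it meets. The xmp_metadata channel is why namespace URIs such as ns.adobe.com show up in a URL list without being clickable. Objects packed into compressed object streams (/ObjStm) are invisible to this byte-level scan and must be inflated before the same checks apply.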

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                     | SHA-256                                                          | Kind            | Source                                     | Size
font_00_sfnt_off0000f258.bin | 8d8bacf04242c8e37c940a70e5419d77581a2450cd9968b7635728957d8e33a3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF258  | 5544 bytes
font_01_sfnt_off0001052a.bin | a752f7a38b1f38d8092be9ed40d542b138fef070f01b1a14222a4409b2a8efe9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1052A | 10436 bytes