Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Cloud document impersonation lure medium SE_CLOUD_DOC_LURE
  Document impersonates a cloud file-sharing service such as SharePoint, OneDrive, Google Drive, Dropbox, Box, or Microsoft 365 and asks the user to open, verify, or access a shared document
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://zajinet.ru/strik?utm_term=software+project+management+skills

  • http://zomewegi.iblogger.org/cursive_handwriting_worksheets_numbers.pdf
  • http://pixujuxe.mypressonline.com/pillars_of_eternity_2_poradnik.pdf
  • http://peromopativej.mypressonline.com/how_much_does_a_3.5_ton_trane_ac_unit_cost.pdf
  • http://zezasasipow.iblogger.org/49305194655.pdf
  • http://melowimaz.getenjoyment.net/rivazosifakamarikowa.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/zurovajij/homelite_chainsaw_operation.pdf
  • https://s3.amazonaws.com/kakef/my_apple_id_security_answers.pdf
  • https://uploads.strikinglycdn.com/files/d4cad469-0635-4baa-bf9e-c90d255258be/2000_skyline_aljo_travel_trailer.pdf
  • https://s3.amazonaws.com/tuxutedi/10419777953.pdf
  • https://uploads.strikinglycdn.com/files/73846972-726e-4b42-b188-ae06d4731790/99176162517.pdf
  • http://dosibaguluf.epizy.com/willingness_to_pay.pdf
  • https://uploads.strikinglycdn.com/files/c30d7d90-ecdf-42c6-8b72-9be9855e2076/26445961227.pdf
  • http://nebamolowitumik.epizy.com/search_form_sql_injection.pdf
  • http://toxukofotu.rf.gd/nelevosin.pdf
  • https://67dc9804-4028-4298-afd7-d431d2c16fe6.filesusr.com/ugd/559c84_da4e0703e16d457fab5c21905f514ff2.pdf?index=true
  • http://muvaxuzuf.rf.gd/asc_842_fasb.pdf
  • https://e108c0fa-8e70-4110-aab7-e0d30777705f.filesusr.com/ugd/d9966b_0b8a82c7240f486aa9d84c32c6fe33c9.pdf?index=true
  • http://xewenofos.epizy.com/55813453134.pdf
  • https://7133fc40-0b9c-4701-b953-e7fafc934b44.filesusr.com/ugd/70a38d_47353c88d93a4f7f8ceb55dd7804fcf6.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.