Malicious PDF — malware analysis report

Static analysis result for SHA-256 111079785459f349…

Verdict: MALICIOUS
File type: PDF
Size: 68.8 KB
Created: 2021-04-21 14:43:10 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: da5e01e9d2dfba5deb66811587fb8850
SHA-1: 34894c2da0784a722869a54de60d9738b79e54f8
SHA-256: 111079785459f3498396b9a09b576f335d346bf0fa22f206ad44afdf4d4423dc
Risk Score: 96

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing or trojan payload. It contains an embedded URI pointing to a suspicious domain, likely intended to redirect the user to a malicious site. The document body, though heavily obfuscated, suggests a lure related to educational content, aligning with common phishing tactics.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9993

Heuristics (4)

  • ClamAV detection (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    The PDF contains an external URL action.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will therefore resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels indicate which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://jacksth.ru/strik?utm_term=parallelogram+and+trapezium+area+worksheet

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000d039.bin
    SHA-256: 3d7a53f487a0ef8d1409e576bcd769e93402a254c9bdf1dfb3c0aa9a866b31b7
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xD039
    Size: 5580 bytes
  • Filename: font_01_sfnt_off0000e322.bin
    SHA-256: 11dd016f4bccc093231066f6fc1c7b3490110057e682a8ee4e58b818aa06b469
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xE322
    Size: 10084 bytes