Malicious PDF — malware analysis report

Static analysis result for SHA-256 145a73fb19fae535…

MALICIOUS

PDF

Size: 78.2 KB
Created: 2021-05-30 03:40:55 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-22
MD5: 07e5bede7f119f80ceb97367038bec9b
SHA-1: db42686115710cfdecbcaabc58b485310f4ffedb
SHA-256: 145a73fb19fae5357738f6c0234492dff259edea7a21e4c10a683fe81152876a
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    The PDF contains an external URL action.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL (channel):
    • https://crophysi.ru/strik?utm_term=what+is+the+best+led+light+therapy+mask (PDF link annotation)
    • https://cdn-cms.f-static.net/uploads/4402246/normal_6051a216188b0.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4489245/normal_5fd147558d832.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4421957/normal_5fe9fe9861568.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4366014/normal_5fc86eb4388e4.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4419425/normal_60532f916f44f.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4445555/normal_605836c4acb90.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4422163/normal_6018e4ba57700.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://uploads.strikinglycdn.com/files/0e5d0bf2-f996-4ad3-a524-14e7a950787b/canon_mf8300c_driver_is_unavailable.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/98d01513-e7ca-4a97-8171-7dd66f2e41eb/insta_lifestyle_presets_for_mobile_and_desktop_lightroom.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/e6fba613-741f-45fc-825d-991ef17616bf/how_to_make_a_wing_chun_wooden_dummy.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/07d17fc6-abcc-4548-bdfe-02fb0a720046/onan_generator_parts_memphis_tn.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/c00584ce-b9c1-4097-93ff-85b8574404ba/sample_incident_report_for_security_officer.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/8c176219-1a7c-4aa7-99ed-62d8b86d8a29/suzadurej.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/9e5d7259-de35-4a4d-8359-fc8311460cda/pearl_of_great_price.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/726db2fc-1ea7-4999-a05a-5688fb85157e/guxutefaxov.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/dab1046f-e45b-4a11-a537-f04bed4a20e4/38765091371.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/a05bb24f-f9f1-4035-9c90-ae44f4a790db/what_is_the_best_e_wallet_for_cryptocurrency.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/ca501ff6-9990-44d4-ba28-9c29bd88771e/xafukovatuj.pdf (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000f321.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xF321
    Size: 5692 bytes
    SHA-256: 8b10d73180a8d59d342d2575fb05f4fb361d4b9642e1501393be880725526547
  • Filename: font_01_sfnt_off00010665.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x10665
    Size: 10888 bytes
    SHA-256: 799396b5e80f269e51abec75a865663cf40876d170f5390d5be9717fd2ae40b5