Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jacksth.ru/award?keyword=histoire+de+l+orthographe+fran%25C3%25A7aise+pdf

  • http://nidomamedop.22web.org/75002217857.pdf
  • https://static.s123-cdn-static.com/uploads/4405950/normal_600846ac21879.pdf
  • https://cdn-cms.f-static.net/uploads/4379487/normal_603e3f64dece1.pdf
  • https://cdn-cms.f-static.net/uploads/4527357/normal_6027d6c0e3692.pdf
  • https://static.s123-cdn-static.com/uploads/4455377/normal_5fed4159dcfa7.pdf
  • https://cdn-cms.f-static.net/uploads/4417129/normal_5fd3da99a8788.pdf
  • http://wibedepotemuru.22web.org/58700462633.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/0db78b78-583e-46e6-9e85-664d795ceb8a/1998164126.pdf
  • https://s3.amazonaws.com/siwixomudit/beyblade_burst_mega_mod_apk.pdf
  • https://uploads.strikinglycdn.com/files/a95982e0-2de4-494d-8a3f-feb4841712c4/42707739518.pdf
  • http://resisimokopi.epizy.com/speed_queen_washing_machine_reviews_australia.pdf
  • http://dafunidubavilo.rf.gd/68698856761.pdf
  • https://uploads.strikinglycdn.com/files/990f8e47-b1cc-4556-8e58-397f749224df/20440992294.pdf
  • https://s3.amazonaws.com/folexapurilowe/yummy_mummy_guide.pdf
  • https://s3.amazonaws.com/kovezodepugov/lilupej.pdf
  • https://uploads.strikinglycdn.com/files/6805ea08-0beb-4bb6-ad7c-c23dd274c48e/sony_shake_33_for_sale_uk.pdf
  • https://s3.amazonaws.com/wotodedaruzuk/2003_cadillac_cts_repair_manual.pdf
  • https://s3.amazonaws.com/veraxawewib/41149916347.pdf
  • http://junikul.epizy.com/what_does_a_makeup_enthusiast_mean.pdf
  • https://s3.amazonaws.com/degagaziv/current_heart_and_stroke_cpr_guidelines.pdf
  • https://s3.amazonaws.com/jadere/60210408161.pdf
  • https://s3.amazonaws.com/wemupajese/dalawurogigotewidotimipu.pdf
  • https://s3.amazonaws.com/temujonuwu/office_monthly_expenses_excel_template.pdf
  • https://uploads.strikinglycdn.com/files/c5f6e14c-73c4-4549-af21-8cb0fcb94269/vefonefadeneguzilunaba.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.