Malicious PDF — malware analysis report

Static analysis result for SHA-256 1721a994ea41f033…

Verdict: MALICIOUS
File type: PDF
Size: 75.9 KB
Created: 2021-04-08 17:45:55 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 9f7d6142661ea218d14aa048805e0b09
SHA-1: 7551a2a21e4e0ec57444b7418d07f3f91f4b9418
SHA-256: 1721a994ea41f033e5e7f60edcb4505d0c293db13d60630ae97a3c45773fc553
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was detected as malicious by ClamAV and an ML classifier. It contains an embedded URI pointing to a suspicious domain, which is likely intended to redirect the user to a phishing or malware distribution site. The document body, though heavily obfuscated, contains metadata suggesting it was generated by wkhtmltopdf, and the presence of embedded font streams is common in malicious PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9990

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://vilenefex.ru/strik?utm_term=camilo+y+evaluna+boda
    • http://tumbaa.space/walumaxuxomosalunusawasugw4uw.pdf
    • https://cdn.sqhk.co/dogutadova/dgghgeu/extreme_car_simulator_2016_androidoyunclup.pdf
    • https://cdn-cms.f-static.net/uploads/4371543/normal_6056f885f04cd.pdf
    • https://cdn.sqhk.co/xamitarerivu/dhdgeii/stay_alive_board_game_commercial.pdf
    • https://cdn.sqhk.co/gadewekunel/juieohj/kefavise.pdf
    • http://relax35.ru/riverside_golf_range_nottinghampmlkt.pdf
    • https://static.s123-cdn-static.com/uploads/4384464/normal_6002c66756c2d.pdf
    • https://cdn.sqhk.co/nemuvefik/inj4zDK/titalefujadigurit.pdf
    • http://wajazenizur.mywebcommunity.org/dmv_learners_permit_book_dc.pdf
    • https://static.s123-cdn-static.com/uploads/4419820/normal_6003e2bfc2766.pdf
    • https://cdn-cms.f-static.net/uploads/4475000/normal_601f110f1ee0a.pdf
    • https://cdn.sqhk.co/sixitigoxeto/qhbWc5w/35783508051.pdf
    • https://cdn.sqhk.co/jafetegupam/Mbhjiby/feasibility_study_of_a_systematic_approach_for_discontinuation.pdf
    • http://storeplus.info/poutine_food_wishesrjo29.pdf
    • http://datingsexchat.site/jotekuxeumsgo.pdf
    • https://cdn.sqhk.co/sawibevas/wBifus9/zombie_invasion_escape_walkthrough.pdf
    • https://cdn.sqhk.co/kudozaporuro/aijejfI/fios_tv_pay_online.pdf
    • https://cdn.sqhk.co/lopijikuvi/Sf7FBjg/waragawedowebesefa.pdf
    • http://wildber.store/how_to_remove_ninja_blender_handle9zkxm.pdf
    • https://cdn.sqhk.co/zowipitilo/Paghaar/midas_m32_user_manual.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://nopawalaxuwaw.onlinewebshop.net/ejercicios_present_perfect_still_yet_already.pdf
    • https://s3.amazonaws.com/biwubeleba/95755100452.pdf
    • https://s3.amazonaws.com/suzujewa/37233323801.pdf
    • https://s3.amazonaws.com/palikuvexake/loxowarazunejuf.pdf
    • https://s3.amazonaws.com/timituvupame/xovunizizavedenesavisimo.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Columns: Filename, SHA-256, Kind, Source, Size

  • font_00_sfnt_off0000e9c8.bin
    SHA-256: 61a9e185c7dfa5af87c049b8e6ca8eaff6fa260f6224aab2fc8ac289eaf5d7bf
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xE9C8
    Size: 4904 bytes
  • font_01_sfnt_off0000fa6b.bin
    SHA-256: 3358bfcc067d8b1bf2b4313e1ed53af7891d0b9ad66d35abed8c96dd7e01049a
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xFA6B
    Size: 11560 bytes