Malicious PDF — malware analysis report

Static analysis result for SHA-256 187acd7496f8c4d7…

Verdict: MALICIOUS
File type: PDF
Size: 104.0 KB
Created: 2021-03-20 03:23:12 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: fcb74e124c2dc5223267250acf55751f
SHA-1: d13af2971aa1506ef942c9fb9657790e623e003a
SHA-256: 187acd7496f8c4d7527eace6fb924a376bf5df93a5e92b2082fcb0ab4f0af0b2
Risk score: 136

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The sample is a PDF file flagged by multiple heuristics, including a high-confidence ML classifier and ClamAV detection as a phishing trojan. It contains an embedded URL pointing to 'zajinet.ru', which is likely the primary malicious destination. The document body, though heavily obfuscated, appears to contain text related to a search query, suggesting a pretext for the malicious link.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (5)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical; id: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Password-protected archive handoff (severity: high; id: SE_PASSWORD_ARCHIVE_LURE)
    The document gives password instructions for an archive or attachment, a technique often used to keep payloads encrypted until after gateway scanning.
  • External URI (severity: info; id: PDF_URI)
    The PDF contains an external URL action.
  • Object number defined twice with different bodies (severity: info; id: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (severity: info; id: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://zajinet.ru/strik?utm_term=what+is+the+main+theme+of+little+red+riding+hood

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0001586e.bin
  SHA-256: 063b6c48cfd2940b0abcc8e3918c6729be485e06062c98d2195e3ef58756e4ca
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x1586E
  Size: 5332 bytes

Filename: font_01_sfnt_off00016a6e.bin
  SHA-256: 0160dba571d488f2cca9ac1ca0de630c3d85655baf6d90b85534a42bf52dd7cd
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x16A6E
  Size: 12208 bytes