Malicious PDF — malware analysis report

Static analysis result for SHA-256 1a68997a1a5206c8…

Verdict: MALICIOUS
File type: PDF
Size: 76.6 KB
Created: 2021-05-21 21:50:19 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 735c5545a0606a25a2fc01fd5c85540c
SHA-1: 691ecdd4e397ce8e462b4563353752c59fbb9035
SHA-256: 1a68997a1a5206c8ff6c78274c260b949a690489cfa9a29d13ea958bf79df6fb
Risk Score: 104

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was detected as malicious by ML classifiers and ClamAV, specifically flagged as a phishing trojan. It contains an embedded URL that likely leads to the download of a malicious payload, disguised as a 'word to pdf converter apk app'. The presence of this URL and the phishing lure indicate a social engineering attack aimed at tricking the user into downloading malware.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (5)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware under the signature name shown above
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://xezojetit.ru/strik?utm_term=offline+word+to+pdf+converter+apk+app

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                     Size
font_00_sfnt_off0000ec3f.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xEC3F  5216 bytes
  SHA-256: 4de074b6312351cd0a79307aa9dc09ae2269d77413cd04781b7c65bf541b2b7f
font_01_sfnt_off0000fe23.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xFE23  11300 bytes
  SHA-256: d73d55c5a01d37246a4df8a5e9570cea77a80da93599baef4908cf8243b4d1a9