Malicious PDF — malware analysis report

Static analysis result for SHA-256 1d2f8660a3455262…

MALICIOUS

PDF

Size: 74.4 KB
Created: 2021-05-29 06:46:47 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: dae92359bcf27ba2776478d620eed3eb
SHA-1: 18000a49f5dd42addc99d4444d09e7a41860363f
SHA-256: 1d2f8660a3455262eb5df4fd0d84ed0d190fbb8a295185d281d129386573cb46
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. The document body contains a URL disguised as a Google Play download link, which is highly suspicious. This URL likely leads to the download of a malicious payload, attempting to trick the user into installing it.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9998

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://jacksth.ru/strik?utm_term=download+google+play+android+2.2
    • https://cdn-cms.f-static.net/uploads/4451035/normal_6029b6d593df8.pdf
    • https://static.s123-cdn-static.com/uploads/4369518/normal_5ffcbadc3474f.pdf
    • https://static.s123-cdn-static.com/uploads/4415326/normal_5febcfb67a6df.pdf
    • https://cdn-cms.f-static.net/uploads/4426832/normal_600fe69d104ee.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/5ca8c5cf-b4b3-445f-9f5f-bffcf77115e0/55196378183.pdf
    • https://uploads.strikinglycdn.com/files/878cee8b-d3d0-4831-85ca-7fbea345e4f1/is_carnot_engine_reversible.pdf
    • https://uploads.strikinglycdn.com/files/7b7c97a3-5ac9-43bb-bf6a-1deed457e5c3/marura.pdf
    • https://uploads.strikinglycdn.com/files/c753e191-ac18-4470-aef4-7d35125c75b6/can_a_landlord_charge_for_carpet_cleaning_in_texas.pdf
    • https://uploads.strikinglycdn.com/files/0441b585-85f0-4fbb-8b3e-2c7573b23a57/77984028555.pdf
    • https://uploads.strikinglycdn.com/files/d58eb2e2-e6e3-42f5-a17c-2dd8a7b4aa81/zoom_slowing_down_internet.pdf
    • https://uploads.strikinglycdn.com/files/1b67e445-27bf-420e-8e1a-481c06259129/the_last_song_full_movie_online_123movies.pdf
    • https://uploads.strikinglycdn.com/files/ef9470e5-e8a4-4b34-a2e8-07baa3a5848a/acca_ifrs_diploma_study_material_free_download_2021.pdf
    • https://uploads.strikinglycdn.com/files/02494ad3-e39a-46f0-868e-1efba5063e6a/what_does_culture_means_to_me.pdf
    • https://uploads.strikinglycdn.com/files/ee9523e2-5f74-44bb-b698-474a67102aa5/how_to_use_mainstays_ultrasonic_aroma_diffuser.pdf
    • https://uploads.strikinglycdn.com/files/61893682-a1bd-446a-bfb9-4777b87c7f32/zisofudanelina.pdf
    • https://uploads.strikinglycdn.com/files/6bd7e1f9-16f7-4310-8421-46442c76be4c/theses_on_the_philosophy_of_history_amazon.pdf
    • https://uploads.strikinglycdn.com/files/ac16f8ad-ebc0-4149-9e20-9a19e6028fa3/citizen_eco-drive_skyhawk_blue_angels_titanium_chronograph.pdf
    • https://uploads.strikinglycdn.com/files/1a06681d-3abc-45e8-96a2-b3830f6c7ca6/principles_life_and_work_amazon.pdf
    • https://uploads.strikinglycdn.com/files/78926c8d-5bbe-4d5b-a254-89796ccec74f/totad.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000e719.bin
    SHA-256: 1e3ec1a446e62e8eb1c699eb7474ac72df76a3b53d3384b58c2c0fda4abf6e79
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xE719
    Size: 5308 bytes
  • Filename: font_01_sfnt_off0000f958.bin
    SHA-256: 5889267f08d3c77a4154f7be20ea8b0aa82fd1b97f9f41c3a1855605baffaaf4
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xF958
    Size: 9700 bytes