Malicious PDF — malware analysis report

Static analysis result for SHA-256 1e98a437d45a3a29…

MALICIOUS

PDF

Size: 79.3 KB
Created: 2021-05-23 09:18:18 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c782c29bcdf6c8266e33b04fd87857cf
SHA-1: bd1290bf8e0afdb1b945deceabb3c95926a06aaf
SHA-256: 1e98a437d45a3a29d2d8e4f80dd4098227f4fbc7eb64a3949ced27644100fa58
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript (caveat: none of the heuristics listed below reports JavaScript in this file, so this mapping is not corroborated by the static findings shown here)

This PDF was classified as malicious by both the ML classifier (score 0.9996) and ClamAV (a Pdf.Phishing.Trojan signature). The file carries an external URL action (PDF_URI), and the extracted URL https://resalured.ru/strik?utm_term=what+does+reveille+mean+in+english embeds a search query in its utm_term parameter, consistent with a lure built around a search query that redirects the reader to a phishing or malware-distribution page. Most of the remaining extracted URLs point to further PDFs on site-builder CDNs (strikinglycdn.com, s123-cdn-static.com, f-static.net) and anonymous S3 buckets, the same hosting pattern as the lure itself; the rest are font and XMP metadata URIs. The file was produced by wkhtmltopdf (rendered from HTML), and its body text is heavily obfuscated.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (4)

  • ClamAV detection critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • URL: https://resalured.ru/strik?utm_term=what+does+reveille+mean+in+english
    • https://cdn-cms.f-static.net/uploads/4454803/normal_601b58fccd408.pdf
    • https://static.s123-cdn-static.com/uploads/4498992/normal_5ff2024114545.pdf
    • https://cdn-cms.f-static.net/uploads/4476001/normal_603a43899b797.pdf
    • https://static.s123-cdn-static.com/uploads/4444623/normal_5fccde3682fcd.pdf
    • https://static.s123-cdn-static.com/uploads/4485152/normal_6005101a386d2.pdf
    • https://static.s123-cdn-static.com/uploads/4459921/normal_5ffcf6c16b4a1.pdf
    • https://static.s123-cdn-static.com/uploads/4452169/normal_5fcbee25801e3.pdf
    • https://cdn-cms.f-static.net/uploads/4422890/normal_603086863686d.pdf
    • https://static.s123-cdn-static.com/uploads/4422137/normal_5fc80a073a89a.pdf
    • https://cdn-cms.f-static.net/uploads/4387922/normal_6009be38bb986.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://www.daltonmaag.com/
    • https://uploads.strikinglycdn.com/files/684d88d7-d8bc-4282-ae92-df0693341e47/korean_alphabet_hangul_pronunciation.pdf
    • https://s3.amazonaws.com/bulolimepol/quakers_hill_public_school_uniform.pdf
    • https://s3.amazonaws.com/takateg/wwe_raw_bleacher_report_live_results.pdf
    • https://s3.amazonaws.com/nutanigonu/86302919700.pdf
    • https://uploads.strikinglycdn.com/files/39b0a014-47b8-4355-87f0-fe976be4ff5e/16569422158.pdf
    • https://uploads.strikinglycdn.com/files/39dc0bc7-5152-4d78-a8e7-b7c27834bc3a/45875444032.pdf
    • https://uploads.strikinglycdn.com/files/bd735a27-d68f-4237-99b0-160cd040d1da/how_to_graph_an_fx_function.pdf
    • https://uploads.strikinglycdn.com/files/623536ac-e423-4499-a792-45bc7ac02e27/one_punch_man_king_season_1_vs_season_2.pdf
    • https://uploads.strikinglycdn.com/files/4f416c6e-99e2-4797-8f86-ec7c2f2de733/loxob.pdf
    • https://s3.amazonaws.com/kefefetafij/maze_runner_1_scenes.pdf
    • https://uploads.strikinglycdn.com/files/c208721d-6825-4da8-9c4d-3a29d72b43b0/pazisujikokireboba.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    The last seven entries are XMP/RDF namespace identifiers (w3.org, purl.org, ns.adobe.com) and the SIL Open Font License URL; together with the ascendercorp.com and daltonmaag.com entries (font-foundry URLs carried in embedded font metadata) they are expected residue of the authoring toolchain and embedded fonts, not navigation targets.
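To make the PDF_DUPLICATE_OBJ_BODY_INCREMENTAL and EMBEDDED_URL findings above concrete, here is an added example that is not part of this report or of the scanner that produced it. It is a small Python scanner, run over a constructed PDF with placeholder URLs (not the analysed sample's bytes), that indexes every "N G obj" definition without consulting the xref, flags objects redefined with different body bytes, shows which /URI a first-wins reader and a last-wins reader would each follow, and labels every URL with the channel that reached it (raw byte scan versus a /URI action). It assumes uncompressed objects with unescaped literal strings; object streams and escaped parentheses are out of scope.

```python
import re
from collections import defaultdict

# Constructed sample (not the analysed file's bytes): a minimal PDF in which an
# appended incremental update redefines "4 0 obj", a link annotation, with a
# different /URI. Both URLs are placeholders.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.org/original.pdf) >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
4 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.invalid/lure?utm_term=x) >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# "N G obj ... endobj" pairs; the lazy match ends each body at its own endobj.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
# /URI (...) literal-string values; escaped parentheses inside strings are not handled.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# Any http(s) URL anywhere in the raw bytes (metadata, fonts, content streams).
URL_RE = re.compile(rb"https?://[^\s<>()\[\]\"']+")


def index_objects(data: bytes) -> dict:
    """Map (num, gen) -> list of body bytes in file order, ignoring the xref."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        objs[(int(m.group(1)), int(m.group(2)))].append(m.group(3).strip())
    return dict(objs)


def duplicate_objects(objs: dict) -> dict:
    """Objects defined more than once whose bodies are not byte-identical."""
    return {k: v for k, v in objs.items() if len(v) > 1 and len(set(v)) > 1}


def resolve(objs: dict, policy: str) -> dict:
    """Emulate a reader: 'first' keeps the earliest definition, 'last' the latest."""
    idx = 0 if policy == "first" else -1
    return {k: v[idx] for k, v in objs.items()}


def uri_actions(body: bytes) -> list:
    """URLs reached through a /URI action in one object body."""
    return [u.decode("latin-1") for u in URI_RE.findall(body)]


def label_urls(data: bytes) -> dict:
    """Map each URL to the channels that reached it (raw scan vs URI action)."""
    channels = defaultdict(set)
    for u in URL_RE.findall(data):
        channels[u.decode("latin-1")].add("raw scan")
    for (num, gen), bodies in index_objects(data).items():
        for body in bodies:
            for u in uri_actions(body):
                channels[u].add(f"URI action in {num} {gen} obj")
    return {u: sorted(c) for u, c in channels.items()}


def analyse(data: bytes) -> dict:
    """Per duplicated object: what first-wins and last-wins readers would follow."""
    objs = index_objects(data)
    first, last = resolve(objs, "first"), resolve(objs, "last")
    report = {}
    for key in duplicate_objects(objs):
        f, l = uri_actions(first[key]), uri_actions(last[key])
        report[key] = {
            "first_wins": f,
            "last_wins": l,
            # Severity is raised only when the divergent copies carry active content.
            "active_content": bool(f or l),
        }
    return report


if __name__ == "__main__":
    for (num, gen), r in analyse(SAMPLE_PDF).items():
        print(f"{num} {gen} obj: first-wins -> {r['first_wins']}, "
              f"last-wins -> {r['last_wins']}, active={r['active_content']}")
    for url, chans in label_urls(SAMPLE_PDF).items():
        print(url, chans)
```

The scanner deliberately ignores the xref table, as raw-scanning triage tools do; that is exactly why a first-wins and a last-wins reader can disagree about which /URI the link annotation opens, and why a duplicate whose second copy introduces an action deserves a higher severity than a body-only difference left behind by a benign incremental save.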

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename                     | SHA-256                                                          | Kind            | Source                                    | Size
font_00_sfnt_off0000eb76.bin | 614dc8382d1ce5a64452e1b4b061ddc39a86a0e4ba4e5597a0aea6c853972acb | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEB76  | 5100 bytes
font_01_sfnt_off0000fcb0.bin | de6df5caae75c733fe8b548af104ceeb32f3a905e82f28bab62dc1e3ca83808b | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFCB0  | 10812 bytes
font_02_sfnt_off000121a4.bin | 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x121A4 | 4324 bytes

All three carved artifacts are embedded sfnt font programs.