Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://vilenefex.ru/wix?keyword=what+are+containers+in+active+directory

  • http://cz-nitrof.website/bolugoku55pm2.pdf
  • http://nusezuretoti.scienceontheweb.net/butterfly_life_cycle_lesson_plan.pdf
  • http://lumacy.site/fefubevanufevile5wrj4.pdf
  • http://dragonflysagewellness.com/canon_mx700_print_head_errorvuzce.pdf
  • http://ibkreactiva2020.com/nonajokusimomamozezexowuop2m4.pdf
  • https://static.s123-cdn-static.com/uploads/4368503/normal_6007fc8f6f028.pdf
  • http://rixorevu.getenjoyment.net/yasin_dan_tahlil_ringkas.pdf
  • http://adminhalil.com/destro_warlock_guide_8._1._5e7u2p.pdf
  • http://magnifioco.site/47690971007al5hc.pdf
  • http://inmyshtangen.xyz/77670544419y67dt.pdf
  • https://cdn-cms.f-static.net/uploads/4423428/normal_5fd1f929a70cc.pdf
  • https://cdn-cms.f-static.net/uploads/4475197/normal_6022cb5be739f.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://1527c8d3-3321-4e9f-872f-e2bebb57bac2.filesusr.com/ugd/bf2d42_f6f5744869b4477cbd4cc0d30ec6b420.pdf?index=true
  • https://s3.amazonaws.com/jotizifime/what_does_the_ending_of_once_more_to_the_lake_mean.pdf
  • https://s3.amazonaws.com/lukepepe/creative_cloud_uninstall_tool.pdf
  • https://3dcfbd4a-ef33-49dc-a04a-0aaf5307c30d.filesusr.com/ugd/b47706_07264f6ff8c445e1a456161ec26f1738.pdf?index=true
  • http://dupepoge.onlinewebshop.net/sunbeam_heated_blanket_microplush_10_heat_settings_garnet_full.pdf
  • https://s3.amazonaws.com/wivunonovef/action_verbs_worksheet_second_grade.pdf
  • https://6a8c3f3f-5248-4e80-80e0-4bf2c04f72bc.filesusr.com/ugd/8b2c09_e9cd5f78106d4c36b8d75abe829069c0.pdf?index=true
  • https://535a9070-e28a-464b-adc5-c02ad08be00b.filesusr.com/ugd/9df9d6_e6da4ec7ff02495489542bffb6943531.pdf?index=true
  • https://edcb5511-827b-40b0-97c1-3499c313f96b.filesusr.com/ugd/0779a3_77091222f1224b948e1cea2dac26718b.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.