Malicious PDF — malware analysis report

Static analysis result for SHA-256 230bf450e31e8cbf…

Verdict: MALICIOUS
File type: PDF
Size: 74.5 KB
Created: 2021-03-25 14:34:32 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 8b19cf5bb57042c8c72cafff3e7030e8
SHA-1: 125aedce243a42fb321c855ee42faec4fa200fbf
SHA-256: 230bf450e31e8cbf6f9201a3ceaae0b452eadb83deadf4448046ed4c4773a04d
Risk score: 96

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF was flagged as malicious by the Nyx ML classifier (score 0.9997) and by a ClamAV Pdf.Phishing.Trojan signature. It carries an external URI action pointing to a suspicious domain, most likely hosting a phishing page or a malicious download. The authoring application (wkhtmltopdf) shows the document was rendered from an HTML page, which is consistent with the many link targets listed below. The document body, though truncated and obfuscated, reads as a lure for a book PDF (the query string of the flagged URL is "ways of the world book pdf"), intended to get the recipient to follow the external link. Note that none of the heuristics below reports embedded JavaScript, so the T1059.007 (JavaScript) mapping is not corroborated by the static findings shown here.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (4)

  • ClamAV signature match critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will therefore resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are also common in benign incremental updates, so the severity is raised only when the duplicate carries active content (for example a URI or JavaScript action).
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The first URL below is listed apart from the others in the source report and matches the book-PDF lure described in the summary. The w3.org, purl.org and ns.adobe.com entries are XMP metadata namespace identifiers, and scripts.sil.org/OFL is the embedded font's licence URL; these are written by the producer into document and font metadata and are not link targets.
    • https://vilenefex.ru/award?keyword=ways+of+the+world+book+pdf
    • http://viewcreditscore.info/sitinuxonenobozugo7h6dw.pdf
    • https://cdn.sqhk.co/disonixures/nehiiaR/81572488755.pdf
    • http://rusherx.studio/buy_generac_standby_generatorzxv65.pdf
    • http://liketsven.xyz/sepufopigq7zwc.pdf
    • http://letgtma.bid/picsay_pro_2019_apk_purecb4ua.pdf
    • https://cdn.sqhk.co/wixexozesila/JaDhghc/12161414497.pdf
    • http://rewuvov.iblogger.org/sujofuzofevino.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://50aad03f-9d2a-47e6-be13-abd12f321b17.filesusr.com/ugd/3fd638_43180bcd121d4a78942e2d97e3408f6b.pdf?index=true
    • https://uploads.strikinglycdn.com/files/82180dd6-3091-4031-9396-df8f479f5561/lexmark_prospect_pro205_reset_ink_levels.pdf
    • https://s3.amazonaws.com/gitipelut/89756150738.pdf
    • http://mukoluduxoge.rf.gd/wojevujidivowu.pdf
    • https://fb5b3b17-6e6a-47c5-ae49-26eddba71e57.filesusr.com/ugd/aff7be_a81a7a1acdda48d29a749aaef5ba42ec.pdf?index=true
    • https://uploads.strikinglycdn.com/files/da13f5fb-ccf4-4c7c-862b-be593d580112/81263282174.pdf
    • http://zezexef.epizy.com/japuto.pdf
    • https://uploads.strikinglycdn.com/files/60efb7b7-2288-4e86-a660-781823abe488/23107563209.pdf
    • https://uploads.strikinglycdn.com/files/e7f7b49c-2fa5-4719-8b79-22869a49ae1f/have_you_listen_this_song_meaning_in_hindi.pdf
    • https://528f6e5c-6927-42ef-b7a5-a8f9c349750c.filesusr.com/ugd/07b979_838ff88a5aeb4bbb96bc44959cbb34c0.pdf?index=true
    • https://s3.amazonaws.com/bupijila/calculus_larson_6th_edition.pdf
    • https://s3.amazonaws.com/xijuxosisomuna/29183468381.pdf
    • https://ffcd7f67-9b43-45c2-8e44-b15cca9583b8.filesusr.com/ugd/48bf55_245f3f3231b947e79370095c170389d8.pdf?index=true
    • https://d8acad56-eb9a-42d1-a06c-a695c5b02328.filesusr.com/ugd/0ad6c7_3e2dd87fc2c94c94874fae36a26b1356.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
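The two PDF-structure heuristics above (PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) can be reproduced with a short linear scan of the file. The following Python is an added example written for this page, not the analysis platform's own code, and it runs on a constructed PDF (SAMPLE_PDF, with placeholder URLs on example.org and lure.invalid) rather than on the sample in the report. It lists every `N G obj` definition, reports objects defined more than once with differing bodies, shows what a first-wins and a last-wins reader would each resolve, and raises the severity only when a duplicate body carries active content, following the rule the heuristic describes. The ACTIVE_KEYS list and the severity labels are the example's own choices.

```python
import re

# Constructed sample, not bytes from the analysed file: a minimal PDF whose
# incremental update (the second trailer) redefines object 5, the /URI action
# behind a link annotation, with a different body. URLs are placeholders.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A 5 0 R >> endobj
5 0 obj << /S /URI /URI (https://example.org/benign) >> endobj
trailer << /Root 1 0 R >>
%%EOF
5 0 obj << /S /URI /URI (http://lure.invalid/book.pdf) >> endobj
trailer << /Root 1 0 R /Prev 0 >>
%%EOF
"""

# "N G obj ... endobj" found by a linear scan. Conforming readers follow the
# xref chain instead; scanning the bytes is how triage tools see every
# definition, including ones the latest xref no longer points at.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
# /URI (...) literal string, allowing backslash escapes inside the parentheses.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
# Dictionary keys that make a duplicated body "active content" (example's choice).
ACTIVE_KEYS = (b"/URI", b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA")


def find_objects(data):
    """Every indirect object definition in file order: (num, gen, body, offset)."""
    return [(int(m.group(1)), int(m.group(2)), m.group(3).strip(), m.start())
            for m in OBJ_RE.finditer(data)]


def duplicate_objects(data):
    """(num, gen) -> list of bodies, only for objects defined more than once
    with differing bytes. Byte-identical redefinitions are ignored because
    they resolve the same way under any policy."""
    bodies = {}
    for num, gen, body, _ in find_objects(data):
        bodies.setdefault((num, gen), []).append(body)
    return {k: v for k, v in bodies.items() if len(set(v)) > 1}


def resolve(data, num, gen, policy="last"):
    """Body that a first-wins or last-wins reader would use for (num, gen)."""
    candidates = [b for n, g, b, _ in find_objects(data) if (n, g) == (num, gen)]
    if not candidates:
        return None
    return candidates[0] if policy == "first" else candidates[-1]


def extract_uris(data):
    """All /URI string targets in file order, decoded as Latin-1."""
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(data)]


def triage(data):
    """Apply both heuristics. A duplicate is 'info' unless one of its bodies
    carries active content, mirroring the rule stated in the report."""
    findings = []
    for (num, gen), bodies in duplicate_objects(data).items():
        active = any(key in body for body in bodies for key in ACTIVE_KEYS)
        findings.append({
            "object": f"{num} {gen}",
            "definitions": len(bodies),
            "first_wins": resolve(data, num, gen, "first"),
            "last_wins": resolve(data, num, gen, "last"),
            "severity": "high" if active else "info",
        })
    return findings, extract_uris(data)


if __name__ == "__main__":
    findings, uris = triage(SAMPLE_PDF)
    for f in findings:
        print(f"object {f['object']} defined {f['definitions']}x, severity {f['severity']}")
        print("  first-wins:", f["first_wins"].decode("latin-1"))
        print("  last-wins: ", f["last_wins"].decode("latin-1"))
    print("URIs:", uris)
```

Run as a script, the sample's object 5 resolves to the benign URL under first-wins and to the lure under last-wins, and the PDF_URI side lists both targets. Replacing the second body with a byte-for-byte copy of the first (a benign incremental update) produces no duplicate finding. The two policies disagree precisely because a conforming reader follows the appended xref to the last body, while a reader or scanner that does not honour the update chain may take the first.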

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off0000e5be.bin
    SHA-256: a59fd4cb4e7005fc21ffd2164e95e36974ac86961741b08b724006547c3c73b3
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xE5BE
    Size: 5540 bytes
  • font_01_sfnt_off0000f8ab.bin
    SHA-256: 70e454f5aaabdf14a39bd7053120258ed58ae60c87cb22fbd6fe370ff60d522c
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xF8AB
    Size: 10716 bytes
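The font artifacts above were carved from the PDF's embedded font streams. As an added example, not the platform's own carver, the following Python shows how that carving works: it walks `obj << ... >> stream` definitions that have a direct /Length, applies FlateDecode where the dictionary declares it, checks the decoded bytes for an sfnt magic (TrueType 0x00010000, 'true', 'OTTO', 'ttcf') and records object, offset, size and SHA-256 in the same shape as the report's artifact entries. It runs on a constructed PDF (SAMPLE_PDF) containing a minimal fake sfnt header rather than on the analysed file; indirect /Length references, nested dictionaries and filters other than FlateDecode are out of scope for the example.

```python
import hashlib
import re
import zlib

# sfnt container magics: TrueType 1.0, Apple 'true', CFF-based OpenType, collections.
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"true", b"OTTO", b"ttcf")

# Constructed sample, not bytes from the analysed file. FAKE_SFNT is only a
# 12-byte offset table (version 1.0, numTables 0) plus padding; a real
# FontFile2 stream carries a full table directory, but the carver needs
# only the magic. Object 1 is a non-font stream, object 2 the Flate font.
FAKE_SFNT = b"\x00\x01\x00\x00" + b"\x00" * 8 + b"\x00" * 52
FONT_STREAM = zlib.compress(FAKE_SFNT)
SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj << /Length 11 >> stream\nhello world\nendstream endobj\n",
    b"2 0 obj << /Length %d /Length1 %d /Filter /FlateDecode >> stream\n"
    % (len(FONT_STREAM), len(FAKE_SFNT)),
    FONT_STREAM,
    b"\nendstream endobj\n",
    b"trailer << /Root 1 0 R >>\n%%EOF\n",
])

# "N G obj << dict >> stream\n": the dictionary is taken up to the first ">>"
# followed by "stream", so nested dictionaries are not handled here.
STREAM_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\s*<<(.*?)>>\s*stream\r?\n", re.S)
# Direct integer /Length only; "/Length 7 0 R" (indirect) is skipped.
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")


def iter_streams(data):
    """Yield (num, gen, dict_bytes, data_offset, raw_bytes) for each stream
    whose /Length is a direct integer."""
    for m in STREAM_RE.finditer(data):
        dict_bytes = m.group(3)
        length = LENGTH_RE.search(dict_bytes)
        if not length:
            continue
        start = m.end()
        raw = data[start:start + int(length.group(1))]
        yield int(m.group(1)), int(m.group(2)), dict_bytes, start, raw


def decode_stream(dict_bytes, raw):
    """Apply FlateDecode when declared; None on a truncated or corrupt stream
    so that partial data is never reported as an artifact."""
    if b"/FlateDecode" in dict_bytes:
        try:
            return zlib.decompress(raw)
        except zlib.error:
            return None
    return raw


def is_sfnt(blob):
    """True when the blob starts with an sfnt offset table (12 bytes minimum)."""
    return len(blob) >= 12 and blob[:4] in SFNT_MAGICS


def carve_fonts(data):
    """Return one record per embedded sfnt font, named like the report's
    artifacts: font_<index>_sfnt_off<file offset>.bin."""
    found = []
    for num, gen, dict_bytes, offset, raw in iter_streams(data):
        decoded = decode_stream(dict_bytes, raw)
        if decoded is None or not is_sfnt(decoded):
            continue
        found.append({
            "object": f"{num} {gen}",
            "offset": offset,
            "filename": f"font_{len(found):02d}_sfnt_off{offset:08x}.bin",
            "size": len(decoded),
            "sha256": hashlib.sha256(decoded).hexdigest(),
            "blob": decoded,
        })
    return found


if __name__ == "__main__":
    for font in carve_fonts(SAMPLE_PDF):
        print(f"{font['filename']}  {font['sha256']}")
        print(f"  pdf-font-stream  object {font['object']} at offset "
              f"0x{font['offset']:X}  {font['size']} bytes")
```

The offset recorded is that of the stream data in the file, while the size is that of the decoded bytes, which is why an artifact's size can exceed the distance to the next stream's offset when the stream is compressed.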