Malicious PDF — malware analysis report

Static analysis result for SHA-256 2597582ff3e9ce8a…

Verdict: MALICIOUS
File type: PDF
Size: 86.3 KB
Created: 2021-03-14 07:19:46 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: f7f8fbeac1986c0c6743a8880d80ce7e
SHA-1: 98072e8d2331691df1c7a915eac905c64f8d5d9c
SHA-256: 2597582ff3e9ce8a851b61c03ab347e38e87b5473894fc0f30d300dd1fcc81ce
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF was flagged by ClamAV as Pdf.Phishing.Trojan and a machine learning classifier indicated a high probability of maliciousness. The document contains an embedded URL pointing to 'https://nipisod.ru/123?utm_term=buttery+adjective+form', which is likely a phishing site. No scripts were extracted, but the presence of the URL and the detection names suggest a phishing or credential harvesting attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9992

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (severity: info, tag: PDF_URI)
    PDF contains an external URL action.
  • Object number defined twice with different bodies (severity: info, tag: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (severity: info, tag: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • https://nipisod.ru/123?utm_term=buttery+adjective+form
    • https://cdn-cms.f-static.net/uploads/4495395/normal_6034ec2f0df9d.pdf
    • http://pressit.fun/80381578408be30k.pdf
    • https://static.s123-cdn-static.com/uploads/4477408/normal_600066fc477ba.pdf
    • http://rimka.xyz/what_is_a_giant_star_astronomyctjdo.pdf
    • http://creamwalls.space/detolivedafesofw0svt.pdf
    • https://cdn-cms.f-static.net/uploads/4494430/normal_6027425330d4d.pdf
    • http://premiumpornclips.com/demonology_warlock_guide_bfa77him.pdf
    • http://yachts-4-sale.com/tovamigogdrqak.pdf
    • https://cdn-cms.f-static.net/uploads/4478688/normal_600c6eb917713.pdf
    • http://giocodigital.space/axial_and_radial_turbines_moustaphaj5tga.pdf
    • http://getsol.xyz/63476891603c7aed.pdf
    • http://insurancesouk.com/fobudopuwuzirodisakovo0436l.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://s3.amazonaws.com/nevowimo/83353363041.pdf
    • https://s3.amazonaws.com/veraxawewib/sample_test_cases_template_for_login_page.pdf
    • https://uploads.strikinglycdn.com/files/2b030b5f-721f-433e-98ed-dfe61435b8fe/star_wars_edge_of_the_empire_character_creation.pdf
    • https://uploads.strikinglycdn.com/files/0f0ea240-d4ee-43dd-a68b-5e54aefd5fea/how_much_does_a_580_case_backhoe_weight.pdf
    • https://uploads.strikinglycdn.com/files/842fa6f9-6b3d-4bd1-b861-31c927979935/67215651387.pdf
    • https://s3.amazonaws.com/pipaneku/seselo.pdf
    • https://s3.amazonaws.com/banula/mujebogozipinopafaton.pdf
    • https://s3.amazonaws.com/gagagakigibapo/rumene.pdf
    • https://s3.amazonaws.com/bifadiwuwileji/the_coso_internal_control_framework_identifies_five_internal_control_components.pdf
    • https://uploads.strikinglycdn.com/files/0b8afdab-ecb5-4a77-9820-1214fae44493/teverigapubaje.pdf
    • https://uploads.strikinglycdn.com/files/5fd4f7c5-b343-461f-98e2-e438ef4fc73e/what_does_str_mean_on_my_remote.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0001148b.bin
  SHA-256: a16957fac8b2bb8263dd73d450dc354f7b41a1c506f7d27c9a39f96b5646ed4c
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x1148B
  Size: 5244 bytes

Filename: font_01_sfnt_off00012667.bin
  SHA-256: 688dfe85e9eb2413b08bca52064b98970e00b97dc6a287342bf0ffa65969cb72
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x12667
  Size: 10956 bytes