Malicious PDF — malware analysis report

Static analysis result for SHA-256 265d20efb69a8c95…

Verdict: MALICIOUS
File type: PDF
Size: 84.4 KB
Created: 2021-06-30 22:50:23 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
MD5: 94454529ded5e4411ef7e8343f3db864
SHA-1: 2f2f9aaec7f3195599e3ff32bf8941a14b285f5e
SHA-256: 265d20efb69a8c957bf55b783b74bc9af53f762486ec4e359df925f55a8c8adf
Risk score: 96

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged as malicious both by the ML classifier (Nyx PDF Classifier, score 0.9860) and by ClamAV, whose signature names it a PDF phishing trojan. It contains an external /URI link action pointing to a suspicious domain, most likely used to redirect the reader to hosted malicious content. The producer metadata shows the file was rendered from HTML with wkhtmltopdf, and most of the other URLs embedded in it point to file-upload directories of WordPress form plugins (formcraft, super-forms) and CMS userfiles folders on unrelated sites, a hosting pattern typical of lure PDFs distributed through compromised websites. The document body is heavily obfuscated, but the external URI action together with the ClamAV detection is enough to treat the file as a phishing or malware-distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9860

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content for the same reference, a parser-confusion shape used by targeted PDFs to show one thing to a scanner and another to the viewer. Body-only differences are common in benign incremental updates (every save-in-place appends a new copy of the changed objects), so severity is raised only when the duplicate carries active content such as a /URI, /JavaScript or /Launch action.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. A URL by itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Note that the last eight entries below (the w3.org RDF, purl.org Dublin Core and ns.adobe.com XMP namespace URIs, and the dejavu.sourceforge.net font-licence links) are identifiers carried in the XMP metadata and the embedded DejaVu fonts that wkhtmltopdf/Qt emit; they are not indicators and should be excluded before the URL list is fed to blocklists or threat-intel lookups.
    URL: https://laborke.ru/uplcv?utm_term=red+dawn+123movies+2012
    • https://stcatherine.ac.ug/wp-content/plugins/formcraft/file-upload/server/content/files/160a55e3911527---wumoj.pdf
    • http://kraljicabih.com/wp-content/plugins/formcraft/file-upload/server/content/files/160aa36cb1455e---vudijofifatefiwowuximotub.pdf
    • https://sellos-mecanicos.com/wp-content/plugins/super-forms/uploads/php/files/0ff606edb7ecfe5d2162094d737d9dc7/bukigusimuwamezidevakid.pdf
    • https://alphaveneers.co.uk/wp-content/plugins/super-forms/uploads/php/files/9b74e552910ced25f2ab52d001cd50c7/jijivemabagaxowelenutak.pdf
    • https://evermoral.hk/upload/file/1624498867.pdf
    • http://www.mondzorgvesa-voorschoten.nl/wp-content/plugins/formcraft/file-upload/server/content/files/1607aab9a95318---pumomedawubokutufixono.pdf
    • https://advicezone.org.uk/wp-content/plugins/super-forms/uploads/php/files/9ejgshouupbor6sj18nij3ekdm/zegekuwa.pdf
    • https://apz-arte.com/ckfinder/userfiles/files/boxib.pdf
    • https://www.hagensmarketing.com/wp-content/plugins/formcraft/file-upload/server/content/files/1607a7f4b52e5b---jubajaralo.pdf
    • https://hotelritariccione.it/wp-content/plugins/formcraft/file-upload/server/content/files/160c64230d4903---pitotawalezedemepi.pdf
    • https://doktor-ara.com/userfiles/files/56220441871.pdf
    • http://abwlanham.com/uploads/files/52571950775.pdf
    • http://andreevmag.com/wp-content/plugins/super-forms/uploads/php/files/7f5396927766a94db34b1ccd45ea3749/63703857095.pdf
    • https://beautyreviveshop.com/newerac2c/userfiles/file/gedosojanixafapipatefamo.pdf
    • http://iccj.jp/images/uploads/fckeditor/file/bexetipibiladateni.pdf
    • http://bendhorseride.com/userfiles/file/febizibasunodedel.pdf
    • https://okazdedziecko.pl/_files/Media/file/33788087191.pdf
    • https://art-gallery.mn/uploads/files/51912232580.pdf
    • https://ahi.com.ua/wp-content/plugins/super-forms/uploads/php/files/e82e84b74cf957963bbd75b00b9c954e/2685184124.pdf
    • http://kpdb.org/userfiles/files/papikodupemurukajemi.pdf
    • https://accesoriosalmayor.com/images/userfiles/file/81957386789.pdf
    • http://www.1000ena.com/wp-content/plugins/formcraft/file-upload/server/content/files/1609841134d749---17588306013.pdf
    • https://afanasyev-design.ru/wp-content/plugins/super-forms/uploads/php/files/baa957c23c27c3fd8e455917f0a142d8/51944669648.pdf
    • https://kovtec.pl/eurostyl/photos/file/tiwaviribefuba.pdf
    • https://3dreamstudios.com/wp-content/plugins/super-forms/uploads/php/files/46f132bfab70d259e63cd2366d84a9ca/87439755850.pdf
    • http://md-servicios.com/userfiles/file/benadumefejikubawike.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://dejavu.sourceforge.net
    • http://dejavu.sourceforge.net/wiki/index.php/License
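The two structural heuristics above, PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, are easy to reproduce with a flat scan of the file. The following is an added example, not the analysis pipeline's own code: it enumerates every "N G obj ... endobj" definition, reports object numbers whose bodies differ, marks whether any copy carries active content, and then resolves the object table the way a first-wins and a last-wins reader would so the /URI action target can be compared between the two. The PDF bytes, object numbers and example.com/example.net URLs are constructed for the demo (xref tables are omitted; the scan does not depend on them), and object streams (/ObjStm) would need to be inflated before this regex sees their contents.

```python
import hashlib
import re
from collections import defaultdict

# Every "N G obj ... endobj" definition, in file order, including copies
# appended by incremental updates after the first %%EOF.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# Literal-string /URI values, allowing backslash-escaped parentheses.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# Keys whose presence makes a duplicated object "active content".
ACTIVE_KEYS = (b"/URI", b"/JavaScript", b"/JS", b"/Launch",
               b"/OpenAction", b"/AA", b"/SubmitForm")


def parse_objects(data: bytes):
    """Return (num, gen, body) for each indirect object definition."""
    return [(int(m.group(1)), int(m.group(2)), m.group(3).strip())
            for m in OBJ_RE.finditer(data)]


def duplicate_objects(data: bytes):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: the same (num, gen) defined more
    than once with differing body bytes. Returns {(num, gen): info}."""
    defs = defaultdict(list)
    for num, gen, body in parse_objects(data):
        defs[(num, gen)].append(body)
    report = {}
    for key, bodies in defs.items():
        if len({hashlib.sha256(b).digest() for b in bodies}) > 1:
            report[key] = {
                "count": len(bodies),
                "first": bodies[0],
                "last": bodies[-1],
                "active": any(k in b for b in bodies for k in ACTIVE_KEYS),
            }
    return report


def resolve(data: bytes, policy: str):
    """Object table as seen by a first-wins or last-wins reader. A conforming
    reader walks the xref chain instead; these shortcuts are what makes
    duplicate definitions a parser-confusion primitive."""
    table = {}
    for num, gen, body in parse_objects(data):
        if policy == "first" and (num, gen) in table:
            continue
        table[(num, gen)] = body
    return table


def _unescape(s: bytes) -> str:
    return re.sub(rb"\\([()\\])", rb"\1", s).decode("latin-1")


def uri_actions(table):
    """PDF_URI: target of every /URI action in a resolved object table."""
    return [_unescape(m.group(1))
            for _, body in sorted(table.items())
            for m in URI_RE.finditer(body)]


# Constructed sample: one link annotation, then an incremental update that
# redefines object 4 with a different /URI target.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>\nendobj\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [72 700 300 720]\n"
    b"   /A << /S /URI /URI (https://example.com/invoice) >> >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Size 5 >>\n%%EOF\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [72 700 300 720]\n"
    b"   /A << /S /URI /URI (https://example.net/payload.pdf) >> >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Size 5 >>\n%%EOF\n"
)

if __name__ == "__main__":
    for key, info in duplicate_objects(SAMPLE_PDF).items():
        print(f"object {key[0]} {key[1]}: {info['count']} bodies, active={info['active']}")
    for policy in ("first", "last"):
        print(f"{policy}-wins reader resolves /URI ->", uri_actions(resolve(SAMPLE_PDF, policy)))
```

When the two resolutions disagree on an active key, as they do for object 4 here, the file should be triaged on the union of both views rather than on whichever copy the scanner's parser happened to pick.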

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000e4dd.bin
  SHA-256: 17ef3b2dc35d4b94aecc02298a5d67162357a460117b973dfb63d094ecdd2362
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xE4DD
  Size: 17556 bytes

Filename: font_01_sfnt_off000112f0.bin
  SHA-256: 28b0b7a5b796a3ac5656dac329b1e4ad222a14edfcc76a2f4f2cc61253b3c400
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x112F0
  Size: 10828 bytes

Filename: font_02_sfnt_off00012c16.bin
  SHA-256: 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x12C16
  Size: 16792 bytes
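Carving the sfnt fonts listed above comes down to locating PDF streams by their /Length, looking for an sfnt header in the raw or inflated bytes, and validating the table directory so that a stray 0x00010000 in binary data is not reported as a font. The block below is an added example and not the carving tool that produced the table; it builds a structurally valid but useless TrueType container, embeds it once raw and once FlateDecode-compressed in a constructed PDF fragment, and reports each hit with its file offset, length and SHA-256. It assumes a direct integer /Length and a flat stream dictionary (no indirect "N G R" length, no nested /DecodeParms dictionary), which is enough for the demo but not for arbitrary files.

```python
import hashlib
import re
import struct
import zlib

SFNT_MAGICS = (b"\x00\x01\x00\x00", b"OTTO", b"true")  # TrueType, CFF OpenType, Mac TrueType
MAX_TABLES = 64


def sfnt_extent(blob: bytes, off: int):
    """Validate an sfnt header at `off` and return the font's byte length,
    or None when the table directory is implausible."""
    if off + 12 > len(blob):
        return None
    num_tables = struct.unpack(">H", blob[off + 4:off + 6])[0]
    if not 1 <= num_tables <= MAX_TABLES:
        return None
    dir_end = 12 + 16 * num_tables
    if off + dir_end > len(blob):
        return None
    end = dir_end
    for k in range(num_tables):
        rec = blob[off + 12 + 16 * k:off + 28 + 16 * k]
        tag, _checksum, t_off, t_len = struct.unpack(">4sIII", rec)
        if not all(0x20 <= c < 0x7F for c in tag):       # tags are printable ASCII
            return None
        if t_off < dir_end or off + t_off + t_len > len(blob):
            return None
        end = max(end, t_off + t_len)
    end = (end + 3) & ~3                                  # table data is 4-byte padded
    return min(end, len(blob) - off)


def carve_sfnt(blob: bytes):
    """(offset, length) of every validated sfnt font in blob, in offset order."""
    hits = []
    for magic in SFNT_MAGICS:
        i = blob.find(magic)
        while i >= 0:
            length = sfnt_extent(blob, i)
            if length:
                hits.append((i, length))
            i = blob.find(magic, i + 1)
    return sorted(hits)


# Streams are sized from /Length rather than by searching for "endstream", so
# binary data that happens to contain that token cannot truncate a stream.
STREAM_RE = re.compile(rb"<<[^>]*?/Length\s+(\d+)[^>]*?>>\s*stream\r?\n")


def carve_pdf_fonts(pdf: bytes):
    """Return (encoding, file_offset, length, sha256) per font found in a raw
    or FlateDecode stream. For inflated streams the offset is the stream's own,
    since decoded bytes have no file offset."""
    found = []
    for m in STREAM_RE.finditer(pdf):
        start = m.end()
        raw = pdf[start:start + int(m.group(1))]
        for off, ln in carve_sfnt(raw):
            found.append(("raw", start + off, ln,
                          hashlib.sha256(raw[off:off + ln]).hexdigest()))
        try:
            dec = zlib.decompress(raw)
        except zlib.error:
            continue
        for off, ln in carve_sfnt(dec):
            found.append(("flate", start, ln,
                          hashlib.sha256(dec[off:off + ln]).hexdigest()))
    return found


def build_fake_sfnt() -> bytes:
    """Constructed for the demo: header, two table records, padded table data."""
    tables = [(b"head", b"\x00" * 54), (b"name", b"\x01" * 6)]
    header = struct.pack(">IHHHH", 0x00010000, len(tables), 32, 1, 0)
    offset = 12 + 16 * len(tables)
    directory, data = b"", b""
    for tag, body in tables:
        directory += struct.pack(">4sIII", tag, 0, offset, len(body))
        padded = body + b"\x00" * (-len(body) % 4)
        data += padded
        offset += len(padded)
    return header + directory + data


FONT = build_fake_sfnt()
FLATE = zlib.compress(FONT)
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    + b"5 0 obj\n<< /Length " + str(len(FONT)).encode() + b" >>\nstream\n"
    + FONT + b"\nendstream\nendobj\n"
    + b"6 0 obj\n<< /Length " + str(len(FLATE)).encode() + b" /Filter /FlateDecode >>\nstream\n"
    + FLATE + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for enc, off, ln, digest in carve_pdf_fonts(SAMPLE_PDF):
        print(f"font_sfnt_off{off:08x}.bin  {enc:5}  offset 0x{off:X}  {ln} bytes  {digest}")
```

The same font carved from the raw and the inflated copy hashes identically, which is the property that lets a carved-font hash be used to cluster documents produced by the same generator regardless of how each file compressed its streams.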