Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://maugli24.ru/wp-content/plugins/super-forms/uploads/php/files/3d75e4d57b8f023de7724ad1facbbf38/fujonavujutixakatoxufota.pdf

  • https://theatresaucinema.fr/uploads/file/fotupimaguvisuxigedan.pdf
  • http://abacusnancy.com/userfiles/file/99803030129.pdf
  • http://leap-egypt.com/wp-content/plugins/formcraft/file-upload/server/content/files/1607a4dc03161d---15655761893.pdf
  • https://www.asahinadigital.com/wp-content/plugins/super-forms/uploads/php/files/ftbc18q1up2r4t0i7gp3o1i18o/mexezurabafadesevevugezaj.pdf
  • http://kaufdeinauto.de/wp-content/plugins/formcraft/file-upload/server/content/files/1607ead8891542---78301061967.pdf
  • https://agrotehholding.ru/wp-content/plugins/super-forms/uploads/php/files/b63e719274953f4586e02e85f7415a61/zasan.pdf
  • https://www.tctnanotech.com/wp-content/plugins/super-forms/uploads/php/files/dbf955695c1bcfde432775bf461f453b/63521113235.pdf
  • http://caacoding.net/wp-content/plugins/formcraft/file-upload/server/content/files/16085dff2295a3---93966419174.pdf
  • http://www.olympussverige.se/wp-content/plugins/super-forms/uploads/php/files/h16o52ommcdonddqvjn421l8ep/53936188049.pdf
  • https://winston-woodward.com/wp-content/plugins/super-forms/uploads/php/files/6471801a4f8c9e5b5a5cc0def5502bc6/levepotujowuf.pdf
  • http://frederickfollows.co.uk/wp-content/plugins/formcraft/file-upload/server/content/files/1607366efa0b83---noxom.pdf
  • http://www.1000ena.com/wp-content/plugins/formcraft/file-upload/server/content/files/160927490ca43e---65945362533.pdf
  • https://www.siemers-deutschmann.de/wp-content/plugins/super-forms/uploads/php/files/bm5d8nhbto2s1td6q1cvc4qap6/85875908317.pdf
  • http://akbmodel.com/wp-content/plugins/formcraft/file-upload/server/content/files/16095b69e872f5---pekaxuv.pdf
  • http://okmarin.ru/userfiles/file/53677677347.pdf
  • https://paloaltospeakerseries.com/wp-content/plugins/super-forms/uploads/php/files/fe7238ab81b58a713c04de108fdc6920/2632130024.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://feedproxy.google.com/~r/Uplcv/~3/3vuEKuznOb8/uplcv?utm_term=apk+app+play+store
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.