Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jottigo.ru/wix?keyword=nes+tetris+online+unblocked PDF link annotation

  • http://romeoplanet.club/hr_scene_summer_camp_guidej9mwd.pdfIn PDF document text
  • https://cdn.sqhk.co/rilixuzewiv/ifjejak/37481364419.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4493227/normal_5fdb71a52dac3.pdfIn PDF document text
  • http://on24-system.club/64035862394kh5le.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4501810/normal_5fd0f9b905bac.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4495390/normal_5ff89e2cced7a.pdfIn PDF document text
  • http://mnatural.space/ball_mayhem_unblocked_games_76dw1ai.pdfIn PDF document text
  • http://upgrade4me.com/animal_empire_card_game3o55j.pdfIn PDF document text
  • https://cdn.sqhk.co/vitimosugu/nqhbddx/vampiric_dragon_lord_overlord.pdfIn PDF document text
  • http://simcars.ru/b._s._m._s_application_form_20190ig0i.pdfIn PDF document text
  • https://cdn.sqhk.co/nomelafu/EjcieW8/26579540381.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4451210/normal_5ff1c90babd9d.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://lefivox.epizy.com/ganiwutonigowutakumakevi.pdfIn PDF document text
  • https://s3.amazonaws.com/vixuwogetiv/2084326622.pdfIn PDF document text
  • https://s3.amazonaws.com/tidigudetefumof/24223954761.pdfIn PDF document text
  • https://s3.amazonaws.com/minegikukovel/91165111825.pdfIn PDF document text
  • http://katujomun.rf.gd/bootstrap_admin_panel_template.pdfIn PDF document text
  • https://s3.amazonaws.com/bakoloj/bachelorette_movie_parents_guide.pdfIn PDF document text
  • http://xegebasitez.rf.gd/huttodyake_sayodyake_full_song.pdfIn PDF document text
  • https://s3.amazonaws.com/pajukovuxetu/jedikutovapepu.pdfIn PDF document text
  • https://s3.amazonaws.com/gazivemon/20957530273.pdfIn PDF document text
  • http://bawatusarab.epizy.com/60738953375.pdfIn PDF document text
  • https://s3.amazonaws.com/dorulusof/14394811839.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.