Malicious PDF — malware analysis report

Static analysis result for SHA-256 352026d47ff0c7ce…

Verdict: MALICIOUS
File type: PDF
Size: 72.4 KB
Created: 2021-03-27 11:19:47 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 91f33fba6fa72eb21149cb3ff4150986
SHA-1: 72a3aac9ad5799679f7bb7cbb8462f2bca8b9eda
SHA-256: 352026d47ff0c7ceb7a22611d3b0576d0daa89b4131e3b9856367c6dff232835
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

A machine learning classifier and ClamAV both flag the file as malicious; the ClamAV signature classifies it as a PDF phishing trojan. The file carries a URI action pointing at the suspicious domain xezojetit.ru, which is likely used to serve a payload or redirect the reader to a phishing page, and it redefines at least one indirect object with a different body, so first-wins and last-wins readers resolve different content. The authoring application is wkhtmltopdf, i.e. the document was rendered from HTML. No JavaScript object is listed among the heuristics below, so the T1059.007 mapping is not backed by an indicator in this report; the actionable indicators are the URI action target, the duplicate object definition and the two detections.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9995

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical) CLAMAV_DETECTION
    ClamAV signature match; the signature name classifies the file as a PDF phishing trojan.
  • External URI (info) PDF_URI
    The PDF contains a /URI action, i.e. a link that opens an external URL when activated; the target is the xezojetit.ru URL listed below.
  • Object number defined twice with different bodies (info) PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content (a URI, JavaScript or launch action).
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels (macro, JS, link annotation, document body, ...) identify the channel that reached each URL, but they are not shown in this listing.
    URI action target: https://xezojetit.ru/123?utm_term=android+recyclerview+selection+mode
    Other extracted URLs:
    • https://static.s123-cdn-static.com/uploads/4412996/normal_5ffffe944daa2.pdf
    • https://static.s123-cdn-static.com/uploads/4481275/normal_5ff2b9e47c5be.pdf
    • https://static.s123-cdn-static.com/uploads/4423454/normal_600913ea3b0b2.pdf
    • http://timurberg.ru/30179837314nwn0g.pdf
    • http://kismyketio.com/the_shack_netflix_casta359f.pdf
    • https://static.s123-cdn-static.com/uploads/4386347/normal_5fce5ddcd6489.pdf
    • https://cdn-cms.f-static.net/uploads/4445115/normal_605162453ec2c.pdf
    • http://www.ascendercorp.com/ (Ascender Corporation, a font vendor; typically carried in embedded font metadata)
    • http://www.ascendercorp.com/typedesigners.html (Ascender Corporation, a font vendor; typically carried in embedded font metadata)
    • https://uploads.strikinglycdn.com/files/6ef65970-011b-4d8c-b166-e94dfdd57cc5/gelifopewutosugowanafo.pdf
    • https://uploads.strikinglycdn.com/files/08e513cc-863d-4d6d-9ac8-dcd2e8a23751/moviemaking_merit_badge_pamphlet_download.pdf
    • https://uploads.strikinglycdn.com/files/27657bb2-6242-494a-be63-62100b9f6f8c/36109451625.pdf
    • https://s3.amazonaws.com/nitajosasa/ziwajixemotibotoxuv.pdf
    • https://s3.amazonaws.com/xijuxosisomuna/islands_of_decolonial_love_online_free.pdf
    • https://s3.amazonaws.com/kegovev/toni_morrison_sula_characters.pdf
    • https://s3.amazonaws.com/lowuwofuxali/pezazoluvetewexed.pdf
    • https://s3.amazonaws.com/wovugi/87733248286.pdf
    • https://s3.amazonaws.com/zamemigojat/dutasotowepu.pdf
    • https://uploads.strikinglycdn.com/files/c630bf11-ef2a-4c51-890d-29552953beca/67755845537.pdf
    • https://uploads.strikinglycdn.com/files/1376e1e6-f465-431d-9e34-1882127d0a06/hp_elitebook_8570p_i7_release_date.pdf
    • https://s3.amazonaws.com/pusori/alphabet_tracing_worksheets_for_kindergarten.pdf
    • https://uploads.strikinglycdn.com/files/09edd516-c991-42d3-8217-eb65dd06e3b2/66888671388.pdf
    • https://s3.amazonaws.com/loxopudizus/emerson_self_reliance_rhetorical_analysis.pdf
    • https://uploads.strikinglycdn.com/files/76f7e01f-b5e2-4210-a804-d6e1d334fced/25500318312.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (XMP metadata namespace, inert)
    • http://purl.org/dc/elements/1.1/ (XMP metadata namespace, inert)
    • http://ns.adobe.com/pdf/1.3/ (XMP metadata namespace, inert)
    • http://ns.adobe.com/xap/1.0/ (XMP metadata namespace, inert)
    • http://ns.adobe.com/xap/1.0/mm/ (XMP metadata namespace, inert)
    • http://ns.adobe.com/xap/1.0/rights/ (XMP metadata namespace, inert)
    • http://scripts.sil.org/OFL (SIL Open Font License URL, typically carried in font licence metadata)
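
The two shapes described under PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL can be checked with a small triage script. The following Python is an added example, not code from this report or from the analysis pipeline that produced it: it regex-parses indirect objects (triage-grade, ignoring xref tables and object streams), builds the object table both first-wins and last-wins, flags (N G) pairs defined with differing bodies, raises severity when a duplicate carries active content, and lists every /URI target. The sample PDF inside it is constructed for the example; only the xezojetit.ru URL is taken from this report, the example.org URL and the object layout are made up.

```python
"""Triage scanner for the PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL shapes.
Added example, not code from the report or its analysis pipeline. Regex-based
and triage-grade: xref tables, /Prev chains and object streams are ignored."""
import re

# "N G obj ... endobj", non-greedy so consecutive objects are split correctly.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# /URI (literal string); tolerates backslash escapes inside the parentheses.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Dictionary keys that make an object "active" rather than plain page content.
ACTIVE_KEYS = (b"/URI", b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA")


def parse_objects(data: bytes):
    """Return [((num, gen), body)] in file order, duplicates preserved."""
    return [((int(m[1]), int(m[2])), m[3].strip()) for m in OBJ_RE.finditer(data)]


def resolve(objs, policy: str):
    """Build the object table the way a first-wins or last-wins reader would."""
    table = {}
    for key, body in objs:
        if policy == "first" and key in table:
            continue          # first definition already won
        table[key] = body     # last-wins: a later definition overrides
    return table


def duplicate_bodies(objs):
    """(num, gen) -> every body seen, only for objects defined with differing bytes."""
    seen = {}
    for key, body in objs:
        seen.setdefault(key, []).append(body)
    return {k: v for k, v in seen.items() if len(set(v)) > 1}


def carries_active_content(body: bytes) -> bool:
    return any(k in body for k in ACTIVE_KEYS)


def extract_uris(body: bytes):
    return [m[1].decode("latin-1") for m in URI_RE.finditer(body)]


def triage(data: bytes):
    """Report duplicate definitions (with what each reader policy resolves) and all URIs."""
    objs = parse_objects(data)
    first, last = resolve(objs, "first"), resolve(objs, "last")
    findings = []
    for key, bodies in duplicate_bodies(objs).items():
        active = any(carries_active_content(b) for b in bodies)
        findings.append({
            "object": key,
            "severity": "critical" if active else "info",
            "first_wins_uris": extract_uris(first[key]),
            "last_wins_uris": extract_uris(last[key]),
        })
    uris = sorted({u for _, body in objs for u in extract_uris(body)})
    return {"duplicates": findings, "uris": uris}


# Constructed sample (not from the report): an incremental update redefines the
# link annotation (object 4) so first-wins readers see a made-up benign URL and
# last-wins readers see the report's xezojetit.ru URL. No xref table, so this is
# a shape for the scanner, not a file a conforming viewer would open cleanly.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 200 20]
  /A << /S /URI /URI (https://example.org/benign) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 200 20]
  /A << /S /URI /URI (https://xezojetit.ru/123?utm_term=android+recyclerview+selection+mode) >> >> endobj
trailer << /Root 1 0 R /Prev 0 >>
%%EOF
"""

if __name__ == "__main__":
    result = triage(SAMPLE_PDF)
    for f in result["duplicates"]:
        print(f"obj {f['object']}: {f['severity']} "
              f"first-wins={f['first_wins_uris']} last-wins={f['last_wins_uris']}")
    for u in result["uris"]:
        print("URL", u)
```

On the constructed sample the scanner reports object (4, 0) as critical, resolving to the benign URL under first-wins and to xezojetit.ru under last-wins, which is exactly the disagreement the heuristic is after. On real samples run it beside a conforming parser: the regex does not follow /Prev chains or xref, does not open object streams, and will miss URIs written as hex strings or split with escapes.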

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                      | Kind            | Source                                    | Size
font_00_sfnt_off0000dca2.bin  | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDCA2 | 5116 bytes
  SHA-256: 350b3079a0b296f8ac03161acb0df880b4efdb1be7b4f06fe5a4c2fcb0b824cc
font_01_sfnt_off0000ee11.bin  | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE11 | 10556 bytes
  SHA-256: bfc2c9a14b201ea2169443ad274c69071c21fe8c3447855d68178aaaaad13578