Malicious PDF — malware analysis report

Static analysis result for SHA-256 37c48014a2b112e3…

Verdict: MALICIOUS
File type: PDF
Size: 73.3 KB
Created: 2021-06-13 18:32:01 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: dfc2d0f073017bf5ba4c901438dfa50f
SHA-1: edf55421687549de5e7ee1b07e6d1dee4e8b5a15
SHA-256: 37c48014a2b112e3506d08dca3dea55177833c150bcc85d460b06ce6fe67a5f7
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

The file was classified malicious by the Nyx ML classifier (score 0.9997) and by a ClamAV signature (Pdf.Phishing.Trojan), which together point to a phishing or trojan-delivery document rather than an exploit PDF. The active content is a link: the report calls out https://oniceh.ru/pbw?utm_term=worksheet+on+this+that+these+those+for+class+1, whose utm_term reads like a search query for a school worksheet, the lure this document imitates. The likely purpose is credential harvesting or redirection to a malware download; this is a static result, so no detonation data shows which. The report describes the document body as heavily obfuscated; what is recoverable (the lure URL, the linked worksheet- and manual-style PDFs on document-sharing CDNs) is consistent with an educational-resource theme. The remaining extracted URLs are XMP namespace identifiers and font-vendor and font-licence links, which are metadata residue rather than navigation targets. None of the listed heuristics reports JavaScript in the file, so the T1059.007 mapping is not backed by an observed script object. The authoring application, wkhtmltopdf (Qt), indicates the PDF was rendered from an HTML page.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical) CLAMAV_DETECTION
    ClamAV signature match. The name classifies the sample as a phishing/trojan PDF; the trailing numbers are the ClamAV signature ID and revision, and the name does not identify a malware family.
  • External URI (info) PDF_URI
    The PDF contains an external URI action (a /URI action reachable from a link annotation or similar trigger), i.e. a clickable target that leaves the document.
  • Object number defined twice with different bodies (info) PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A reader that honours the first definition and one that honours the last will resolve different content, a parser-confusion shape used by targeted PDFs to show one thing to a scanner and another to the viewer. Body-only differences are also the normal result of a benign incremental update (the editor appends a new copy of a changed object), so severity is raised only when the duplicate carries active content such as /URI, /JavaScript, /Launch or /OpenAction. Check which definition the target viewer uses before trusting either rendering.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. A URL on its own is not a detection; the channel that reaches it (link annotation, JavaScript, form action, document body, metadata) decides whether it is clickable at all. The per-URL channel labels are not reproduced in this report, so the URLs are grouped below by what they evidently are.
    URL https://oniceh.ru/pbw?utm_term=worksheet+on+this+that+these+those+for+class+1
    (the link target called out by the report; the utm_term reads like a search query for a school worksheet, matching the lure theme)
    Other hosted PDFs on document-sharing CDNs (worksheet-, manual- and download-style file names):
    • https://static.s123-cdn-static.com/uploads/4460230/normal_5fcfe4fbcc991.pdf
    • https://cdn-cms.f-static.net/uploads/4452374/normal_603038a7e3f5e.pdf
    • https://static.s123-cdn-static-d.com/uploads/4492257/normal_60b007370d609.pdf
    • https://static.s123-cdn-static.com/uploads/4492871/normal_5fee1c7050e8e.pdf
    • https://cdn-cms.f-static.net/uploads/4493245/normal_605144d3381c2.pdf
    • https://cdn-cms.f-static.net/uploads/4476758/normal_600c3feb580b5.pdf
    • https://cdn-cms.f-static.net/uploads/4484623/normal_605f714898345.pdf
    • https://static.s123-cdn-static.com/uploads/4393515/normal_5fe4fb4314ed4.pdf
    • https://uploads.strikinglycdn.com/files/71ee26f8-2337-4107-89d6-56b3e6377494/kevibiwolapadiwabisejif.pdf
    • https://uploads.strikinglycdn.com/files/3e9660aa-2785-4da7-9f32-fda267f15eeb/lowrance_elite_4_hdi_installation_manual.pdf
    • https://uploads.strikinglycdn.com/files/da890c78-03c2-4b5d-be25-98370ab4067d/logic_pro_x_macbook.pdf
    • https://uploads.strikinglycdn.com/files/34eb4878-63d3-435f-99ef-22ede24a35be/how_much_is_the_first_edition_harry_potter_books_worth.pdf
    • http://niwomif.pbworks.com/w/file/fetch/144667284/mezimararamejimut.pdf
    • https://uploads.strikinglycdn.com/files/c981c436-360f-4166-bec6-b6acaebb2f05/27010010660.pdf
    • https://uploads.strikinglycdn.com/files/060cfcad-f2c0-4464-aba1-4272821495aa/memepenuditisow.pdf
    • http://zubipuwaf.pbworks.com/w/file/fetch/144839364/fugotipakodar.pdf
    • https://uploads.strikinglycdn.com/files/cc585335-5669-4ee7-a71d-be761c890125/46927863731.pdf
    • https://uploads.strikinglycdn.com/files/3292b7a5-5146-4111-bf95-82fa3179bdc7/fobipitoxelo.pdf
    • https://uploads.strikinglycdn.com/files/a5c17a6c-9da4-4288-9dfe-06e0bdfda9f6/zimesakamibosegusidisa.pdf
    • http://zupelapowi.pbworks.com/f/mozilla_firefox_latest_version_67_download_2019.pdf
    • https://uploads.strikinglycdn.com/files/3350be14-9294-490e-9bc0-75eda045fa90/qu_hace_el_corticoide_en_el_cuerpo.pdf
    Font and metadata identifiers (the font vendor's site, XMP/RDF namespace URIs and the SIL Open Font License; inert, not navigation targets):
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
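The two heuristics above, the duplicate object definition and the per-channel URL labelling, can be reproduced with a small object-level scanner. The following is an added example, not code from the analysis platform and not the analysed sample: it runs over a constructed PDF (embedded below, with made-up hosts example.org and attacker.invalid) whose incremental update redefines a link annotation with a different /URI, then reports what a first-wins and a last-wins reader would each resolve and labels every extracted URL with the channel that reaches it. The scanner works on object syntax only; it does not follow xref tables, so it sees every definition in the file, which is exactly what the duplicate check needs.

```python
import re
from collections import defaultdict

# Constructed sample (not bytes from the analysed file): a minimal PDF whose
# incremental update redefines object 4, a link annotation, with a different
# /URI. xref tables are omitted because the scanner works on object syntax.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.org/worksheet.pdf) >> >>
endobj
5 0 obj
<< /Type /Metadata /Subtype /XML /Length 93 >>
stream
<x:xmpmeta xmlns:x="adobe:ns:meta/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"/>
endstream
endobj
trailer
<< /Root 1 0 R >>
%%EOF
4 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://attacker.invalid/pbw) >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# "N G obj ... endobj"; the lookbehind stops a match from starting inside a longer number.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
HTTP_RE = re.compile(rb"https?://[^\s\"'<>)]+")
META_RE = re.compile(rb"/Type\s*/Metadata")
# Keys whose presence makes a redefined object worth escalating.
ACTIVE_KEYS = (b"/URI", b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction",
               b"/AA", b"/SubmitForm", b"/GoToR", b"/EmbeddedFile")


def scan_objects(data):
    """Every indirect object definition in file order: (num, gen, body, offset)."""
    return [(int(m.group(1)), int(m.group(2)), m.group(3).strip(), m.start())
            for m in OBJ_RE.finditer(data)]


def duplicate_objects(data):
    """Find (num, gen) pairs defined more than once with differing bodies and
    report what a first-wins and a last-wins reader would each resolve."""
    defs = defaultdict(list)
    for num, gen, body, off in scan_objects(data):
        defs[(num, gen)].append((off, body))
    findings = []
    for key, versions in defs.items():
        bodies = {b for _, b in versions}
        if len(bodies) < 2:
            continue  # re-emitted with identical bytes: a benign incremental save
        findings.append({
            "obj": key,
            "count": len(versions),
            "first_wins": versions[0][1],
            "last_wins": versions[-1][1],
            # severity bump only when some variant carries active content
            "active": any(k in b for b in bodies for k in ACTIVE_KEYS),
        })
    return findings


def extract_urls(data):
    """Label each URL by the channel that reaches it: a /URI action is a
    clickable target; a URL inside a /Type /Metadata (XMP) object is namespace text."""
    found = []
    for num, gen, body, off in scan_objects(data):
        for m in URI_RE.finditer(body):
            found.append((m.group(1).decode("latin-1"), "uri_action", (num, gen)))
        if META_RE.search(body):
            for m in HTTP_RE.finditer(body):
                found.append((m.group(0).decode("latin-1"), "xmp_metadata", (num, gen)))
    return found


if __name__ == "__main__":
    for f in duplicate_objects(SAMPLE_PDF):
        print(f"obj {f['obj']} defined {f['count']}x, active={f['active']}")
        print("  first-wins:", f["first_wins"].decode("latin-1"))
        print("  last-wins: ", f["last_wins"].decode("latin-1"))
    for url, channel, obj in extract_urls(SAMPLE_PDF):
        print(f"{channel:13s} obj {obj}: {url}")
```

Run against a real file, replace SAMPLE_PDF with the file's bytes; object streams (/ObjStm) and encrypted documents need decompression first, which this scanner deliberately does not do. The XMP namespace URL is reported with the xmp_metadata label and the two /URI targets with uri_action, which is the distinction the EMBEDDED_URL heuristic's per-URL labels are meant to carry.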

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                        Kind              Source                                      Size
font_00_sfnt_off0000e1e2.bin    pdf-font-stream   PDF embedded font (sfnt) at offset 0xE1E2   5096 bytes
  SHA-256 4f0532329340e0f85b804fe7e399e2e1fe2a6738aacfa2d22af045fd28e5320d
font_01_sfnt_off0000f34a.bin    pdf-font-stream   PDF embedded font (sfnt) at offset 0xF34A   10792 bytes
  SHA-256 db49eeb02f6ddd4bc99f247edece18d357576f55da6af810f2f022d65ef3be7a

Embedded sfnt (TrueType/OpenType) fonts are expected in a wkhtmltopdf-rendered document; their presence is not itself an indicator. Treat a carved font as suspect only if its header or table directory fails structural validation or its hash matches a known-bad font.
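A carved font is handed to a font parser the moment the page is rendered, so the check worth running on each artifact above is whether its sfnt header and table directory are internally consistent. The following is an added example, not part of the analysis platform: it builds a constructed, zero-filled two-table sfnt (not one of the two carved fonts), validates the offset table and every table record against the blob size, and then corrupts one length field to show the kind of directory a parser should reject. Apply check_sfnt to the bytes of font_00_sfnt_off0000e1e2.bin and font_01_sfnt_off0000f34a.bin in the same way.

```python
import struct

SFNT_VERSIONS = {
    0x00010000: "TrueType outlines",
    0x4F54544F: "CFF outlines (OTTO)",
    0x74727565: "TrueType (Apple 'true')",
}


def build_sample_sfnt():
    """Constructed for this example, not carved from the sample: a minimal
    TrueType-flavoured sfnt with two zero-filled tables, correctly laid out."""
    tables = [(b"head", b"\x00" * 54), (b"maxp", b"\x00" * 32)]
    num = len(tables)
    # searchRange, entrySelector, rangeShift as the spec derives them for numTables == 2
    header = struct.pack(">IHHHH", 0x00010000, num, 32, 1, 0)
    offset = 12 + 16 * num
    directory, payload = b"", b""
    for tag, data in tables:
        directory += struct.pack(">4sIII", tag, 0, offset, len(data))
        padded = data + b"\x00" * (-len(data) % 4)  # tables are 4-byte aligned
        payload += padded
        offset += len(padded)
    return header + directory + payload


def check_sfnt(blob):
    """Parse the offset table and table directory of a carved font and verify
    every table lies inside the blob. Returns (ok, tags, problems)."""
    problems = []
    if len(blob) < 12:
        return False, [], ["blob shorter than the 12-byte offset table"]
    version, num_tables, _sr, _es, _rs = struct.unpack(">IHHHH", blob[:12])
    if version not in SFNT_VERSIONS:
        problems.append(f"unknown sfnt version 0x{version:08X}")
    if num_tables == 0:
        problems.append("numTables is zero")
    dir_end = 12 + 16 * num_tables
    if dir_end > len(blob):
        problems.append(f"table directory needs {dir_end} bytes, blob has {len(blob)}")
        return False, [], problems
    tags = []
    for i in range(num_tables):
        rec = blob[12 + 16 * i:28 + 16 * i]
        tag, _checksum, offset, length = struct.unpack(">4sIII", rec)
        tags.append(tag.decode("latin-1"))
        if offset < dir_end:
            problems.append(f"{tag!r} offset {offset} overlaps the directory")
        # Python ints do not wrap, so an offset+length that would overflow 32 bits is caught too
        if offset + length > len(blob):
            problems.append(f"{tag!r} offset {offset} + length {length} exceeds blob size {len(blob)}")
    dups = sorted({t for t in tags if tags.count(t) > 1})
    if dups:
        problems.append(f"duplicate table tags {dups}: first-wins and last-wins parsers disagree")
    return not problems, tags, problems


def patch_table_length(blob, index, new_length):
    """Rewrite the length field of table record `index`; used here to turn the
    constructed font into one whose directory points past the end of the blob."""
    pos = 12 + 16 * index + 12
    return blob[:pos] + struct.pack(">I", new_length) + blob[pos + 4:]


if __name__ == "__main__":
    good = build_sample_sfnt()
    print(check_sfnt(good))
    bad = patch_table_length(good, 1, 0xFFFFFFF0)
    print(check_sfnt(bad))
```

The check is deliberately shallow: it says nothing about the contents of head, maxp, glyf or cmap, only whether the directory can be trusted to index the blob. A font that fails it should not be opened in a rendering library for further triage; a font that passes it is merely well-formed at the directory level, which is the same standard of evidence as the duplicate-object heuristic above.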