Malicious PDF — malware analysis report

Static analysis result for SHA-256 38d8180953425370…

Verdict: MALICIOUS
File type: PDF
Size: 78.0 KB
Created: 2021-04-08 14:58:39 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c3f7c65d627bf0ee9fc41f3f0ec7bc04
SHA-1: dbf8cb529ee3556cbaa54b5deae19cb838da9945
SHA-256: 38d8180953425370e7f6f95b025a078a9028ea02c0582f043d895a8e08aa95be
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

The file is classified as malicious by the ML classifier (Nyx PDF Classifier, score 0.9992) and by ClamAV, whose Pdf.Phishing.Trojan signature is the single critical detection. The embedded URL listed first below, https://botokaw.ru/strik?utm_term=citizenship+in+america+worksheet, points at a suspicious domain and is most likely intended to host a phishing page or malware payload; its utm_term value matches the 'Citizenship in America worksheet' lure theme suggested by the heavily obfuscated document body. Note that none of the heuristics in this report observes JavaScript in the file, so the T1059.007 mapping is not corroborated by a static finding here.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9992

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes, typically because an incremental update appended a new definition after the original. A first-wins reader resolves the original body and a last-wins reader resolves the appended one, so two viewers can render different content from the same file; this parser-confusion shape is used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when one of the competing definitions carries active content (for example a /URI, /JS or /Launch action).
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://botokaw.ru/strik?utm_term=citizenship+in+america+worksheet
    • https://cdn-cms.f-static.net/uploads/4459477/normal_601907fb906da.pdf
    • https://gunujudota.weebly.com/uploads/1/3/2/3/132303168/1505267.pdf
    • https://pigaxapi.weebly.com/uploads/1/3/2/8/132815084/piwivexilov.pdf
    • https://vopilejuwe.weebly.com/uploads/1/3/1/4/131407469/7420827.pdf
    • https://cdn.sqhk.co/nikofejujel/ip2wBgi/hatoful_boyfriend_plush.pdf
    • http://kojijeku.mygamesonline.org/diagnostico_educativo_segun_autores.pdf
    • https://cdn-cms.f-static.net/uploads/4450043/normal_6020afb17901e.pdf
    • https://cdn.sqhk.co/libudezetuv/dhagdk8/wamulebededusojenole.pdf
    • https://cdn-cms.f-static.net/uploads/4470526/normal_601ee7ff18a23.pdf
    • http://nezatarofarix.getenjoyment.net/dictionnaire_gologie_anglais_franais.pdf
    • https://zalirojojates.weebly.com/uploads/1/3/4/6/134606979/gilolelafofuti_kofubak_kidufaxija_zoluxewexemaxat.pdf
    • https://cdn-cms.f-static.net/uploads/4377120/normal_601601772ceae.pdf
    • https://cdn.sqhk.co/wasefago/Z0qia5Y/granny_smith_full_version_apk_free.pdf
    • http://wotimose.getenjoyment.net/babcock_and_wilcox_boiler_download.pdf
    • http://gepopusoka.mypressonline.com/34192550899.pdf
    • https://cdn.sqhk.co/sevijeruba/mFzTjbf/63128709639.pdf
    • https://cdn.sqhk.co/xadeviro/FPJCHgf/74232056183.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/324338c4-1a38-4f7c-8f7e-968a2bc88102/36933702041.pdf
    • https://uploads.strikinglycdn.com/files/6ba5cbf4-7d25-4e07-9fe7-253fbc1a11ba/act_pathology_book_online.pdf
    • https://uploads.strikinglycdn.com/files/38878938-5146-448c-a926-354a4eba16f4/what_order_does_the_fallen_series_go_in.pdf
    • https://uploads.strikinglycdn.com/files/bd03a43e-4a2c-4ec8-b083-d47a89d4a608/how_to_use_tv_input_on_xfinity_remote.pdf
    • https://s3.amazonaws.com/bisiku/wazupisesulizizin.pdf
    • https://s3.amazonaws.com/fizup/cuisinart_keurig_coffee_maker_owners_manual.pdf
    • https://uploads.strikinglycdn.com/files/4e229ca0-63ff-4f8f-bbf4-ddbd217d064f/16070233500.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    The last seven entries are not navigable lure links: the w3.org, purl.org and ns.adobe.com URIs are RDF, Dublin Core and XMP namespace identifiers that appear in any PDF carrying an XMP metadata stream, and http://scripts.sil.org/OFL is the SIL Open Font License URL normally embedded in the name table of an OFL-licensed font (two sfnt fonts are carved from this sample below). The www.ascendercorp.com entries are likely vendor and designer URLs from an embedded font's name table as well. Triage attention belongs on the botokaw.ru URL and the many third-party file-hosting links, not on these.
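The two heuristics above (PDF_DUPLICATE_OBJ_BODY_INCREMENTAL and EMBEDDED_URL with its per-URL channel labels) can be reproduced with a small regex-based triage script. The following is an added example and not code from this report or from the analysis platform that produced it: it finds indirect objects defined more than once with differing bodies, shows what a first-wins and a last-wins reader would each resolve, raises severity only when one of the competing definitions carries active content, and extracts every URL with a label saying whether it was reached through a /URI action, an XMP namespace declaration, or a bare string in the document body. The PDF it runs on is constructed inline; the lure.invalid URL and the object layout are hypothetical and not taken from the analyzed file. The scanner does not handle object streams, encrypted bodies or hex-encoded URI strings.

```python
import re
import sys
from collections import OrderedDict

# Dictionary keys whose presence makes an object "active" for triage. This is
# a substring check, which is deliberate for triage but will also hit longer
# keys such as /AAPL; review hits by hand.
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/URI", b"/OpenAction",
               b"/AA", b"/SubmitForm", b"/GoToR", b"/EmbeddedFile", b"/RichMedia")

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
URL_RE = re.compile(rb"https?://[^\s<>()\"']+")
URI_ACTION_RE = re.compile(rb"/URI\s*\(\s*(https?://[^)\s]*)\s*\)")
XMLNS_RE = re.compile(rb"xmlns(?::\w+)?\s*=\s*\"([^\"]+)\"")

# Constructed sample (not the analyzed file): object 4 0 is a harmless link
# annotation in the original body, then an incremental update redefines it
# with a /URI action. Object 5 0 is an XMP stream so a namespace URI is present.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /Metadata 5 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [72 700 300 720] /Contents (Citizenship worksheet) >>
endobj
5 0 obj
<< /Type /Metadata /Subtype /XML >>
stream
<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"/></x:xmpmeta>
endstream
endobj
trailer
<< /Root 1 0 R >>
%%EOF
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [72 700 300 720] /A << /S /URI /URI (https://lure.invalid/strik?utm_term=citizenship+worksheet) >> >>
endobj
trailer
<< /Root 1 0 R /Prev 0 >>
%%EOF
"""


def parse_objects(data):
    """Map each (num, gen) to the list of bodies defined for it, in file order.
    An incremental update that redefines an object appends a second body."""
    objects = OrderedDict()
    for m in OBJ_RE.finditer(data):
        key = (int(m.group(1)), int(m.group(2)))
        objects.setdefault(key, []).append(m.group(3).strip())
    return objects


def resolve(objects, key, policy="last"):
    """Emulate a first-wins or last-wins reader for one object number."""
    bodies = objects.get(key, [])
    if not bodies:
        return None
    return bodies[0] if policy == "first" else bodies[-1]


def find_duplicate_objects(data):
    """Objects defined more than once with differing bodies. Severity is only
    raised when some competing definition carries active content."""
    findings = []
    for key, bodies in parse_objects(data).items():
        distinct = set(bodies)
        if len(distinct) < 2:
            continue  # no duplicate, or an identical re-emission
        active = any(k in b for b in distinct for k in ACTIVE_KEYS)
        findings.append({"object": key, "definitions": len(bodies),
                         "first_wins": bodies[0], "last_wins": bodies[-1],
                         "active_content": active,
                         "severity": "warning" if active else "info"})
    return findings


def extract_urls(data):
    """(url, channel) pairs; the channel says how each URL was reached."""
    via_action = set(URI_ACTION_RE.findall(data))
    via_xmlns = set(XMLNS_RE.findall(data))
    seen, out = set(), []
    for m in URL_RE.finditer(data):
        url = m.group(0)
        if url in seen:
            continue
        seen.add(url)
        channel = ("uri_action" if url in via_action else
                   "xmp_namespace" if url in via_xmlns else "document_body")
        out.append((url.decode("latin-1"), channel))
    return out


def main(argv):
    data = open(argv[1], "rb").read() if len(argv) > 1 else SAMPLE_PDF
    for f in find_duplicate_objects(data):
        print("duplicate object %d %d: %d definitions, active=%s, severity=%s"
              % (f["object"][0], f["object"][1], f["definitions"],
                 f["active_content"], f["severity"]))
    for url, channel in extract_urls(data):
        print("%-16s %s" % (channel, url))


if __name__ == "__main__":
    main(sys.argv)
```

Run it without arguments to see the constructed case (object 4 0 flagged as a warning, the lure URL labelled uri_action, the RDF namespace labelled xmp_namespace), or pass a path to scan a real file. The channel label is what turns a long URL list like the one above into something triageable: namespace and license URIs fall out immediately, and the URLs that arrived through a /URI action are the ones a reader can actually click.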

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000f369.bin
  SHA-256: 04130cae3aaae583d0d28860c88629917be7aa110d0a24b44d8641628f958fda
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0xF369
  Size:    5252 bytes

Filename: font_01_sfnt_off0001052e.bin
  SHA-256: 6c54d800dcfc7a2c163abaeed38caf59ad97d903dff61fd85fdd4cbe401f857e
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0x1052E
  Size:    10504 bytes