Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Callback phishing phone lure medium SE_CALLBACK_LURE
  Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://dafemum.ru/strik?utm_term=how+to+buy+stock+premarket+on+td+ameritrade+app

  • http://faceskinagainbeauty.xyz/english_learning_classes_for_adults_online2iyzz.pdf
  • http://creditactive.info/cules_son_los_alimentos_que_ms_engordan3olv4.pdf
  • http://loxapul.iblogger.org/assamese_song_2018_mp4.pdf
  • http://creditscorecard.info/7041274789j576o.pdf
  • http://xokoden.22web.org/coding_interview_cheat_sheet.pdf
  • http://mofopafilubo.22web.org/36040091458.pdf
  • http://health2health.online/44668005961com59.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • http://mexokibalu.epizy.com/31017577255.pdf
  • https://8c285b57-3156-47ce-881b-df665acc117b.filesusr.com/ugd/8d46c2_7a0b27f6c23542718940861e275f03e5.pdf?index=true
  • https://uploads.strikinglycdn.com/files/ee013f53-5100-4ea6-b622-ca5b443cd1f4/81712948402.pdf
  • https://uploads.strikinglycdn.com/files/bafcfe40-84a8-4765-bcb9-17d88bfcdbbf/how_many_copies_did_harry_potter_sell_in_the_first_year.pdf
  • https://c216880a-03a2-4774-ab7e-121c93799e8f.filesusr.com/ugd/b5aed9_28d8d6783ce64b5e8188e746ea33c110.pdf?index=true
  • https://c8019651-2137-4367-b38e-775fff3f8a75.filesusr.com/ugd/fc5a02_d7f11a42a12e4539b1ee52426a085254.pdf?index=true
  • https://uploads.strikinglycdn.com/files/ee9171bc-c650-49b6-bc44-f4b52096aeac/joxowukuf.pdf
  • http://ledonapagemes.epizy.com/24246284627.pdf
  • http://vexelikepe.epizy.com/indefinite_pronoun_worksheet_answer_key.pdf
  • http://kazaxese.epizy.com/1492_conquest_of_paradise_answers.pdf
  • http://gaguvidub.epizy.com/black_and_decker_8_cup_food_processor_parts.pdf
  • https://f405dec1-7f90-4f4c-a861-5286f67d0127.filesusr.com/ugd/ab922d_de4a8b3e7600427095f342aa7dd66b30.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.