Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://zajinet.ru/123?utm_term=trane+chiller+controller+manual PDF link annotation

  • https://static.s123-cdn-static.com/uploads/4402519/normal_5ff0f5552217e.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4389358/normal_5fd77002146dd.pdfIn PDF document text
  • https://cdn.sqhk.co/tutabudoxuwa/8iauBif/ffxiv_outfoxed_not_spawning.pdfIn PDF document text
  • https://cdn.sqhk.co/sofizagumup/c0xTlji/94180150239.pdfIn PDF document text
  • https://cdn.sqhk.co/pipujevi/haP1Bjw/dabuperafuxupizajopa.pdfIn PDF document text
  • http://datiwufirul.medianewsonline.com/b._com_books_free_download_mumbai_university.pdfIn PDF document text
  • http://jaxagogilexet.sportsontheweb.net/high_school_chemistry_textbook.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://www.daltonmaag.com/In PDF document text
  • https://uploads.strikinglycdn.com/files/238fb582-54c0-4e5a-bd1e-516ba671b746/nupewe.pdfIn PDF document text
  • https://s3.amazonaws.com/vufuzewasi/86292036452.pdfIn PDF document text
  • https://0c6b2c5e-c852-454c-8c01-bea24f6181fd.filesusr.com/ugd/b97644_87f4619b66ff4c989212d67b7674f24f.pdf?index=trueIn PDF document text
  • https://s3.amazonaws.com/baxadelefofibuz/90854031336.pdfIn PDF document text
  • http://sazebufaz.atwebpages.com/luis_cernuda_las_nubes.pdfIn PDF document text
  • http://viwuwijagabote.myartsonline.com/how_to_format_a_professional_letter_of_recommendation.pdfIn PDF document text
  • http://wetukanezin.atwebpages.com/90095618646.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ce8ddc3b-455e-4eff-affc-a413ff1ae86e/5965254193.pdfIn PDF document text
  • https://8b8c7005-3af0-45a1-8e5b-a6902caa9335.filesusr.com/ugd/dbd7d9_e2e790c60c87451d810273751847488b.pdf?index=trueIn PDF document text
  • https://s3.amazonaws.com/genedesowul/informer_video_song.pdfIn PDF document text
  • https://s3.amazonaws.com/falevi/imperative_exclamatory_sentences_worksheets.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/27ed60ef-a482-4741-9bda-5036de7c8200/osceola.k12.fl.us_employee_portal.pdfIn PDF document text
  • https://s3.amazonaws.com/lunojol/46221491055.pdfIn PDF document text
  • https://85ed388a-52e0-4e79-9737-9d4b769dda71.filesusr.com/ugd/bb10c5_d6bf57e23af14594a6a4f99b96219500.pdf?index=trueIn PDF document text
  • https://04a9e765-cf69-4035-9b9a-998d8fb4e692.filesusr.com/ugd/8c5016_db334978363b495799208e03fac65df4.pdf?index=trueIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.