Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Browser extension / update installation lure high SE_BROWSER_INSTALL_LURE
  Document tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://pelibifir.ru/wix?keyword=on+the+guard+ymca+lifeguard+manual

  • https://cdn-cms.f-static.net/uploads/4495975/normal_6017fe9186413.pdf
  • https://cdn.sqhk.co/lazuvomubof/dgclgij/monthly_budget_template_free_printable.pdf
  • https://static.s123-cdn-static.com/uploads/4381101/normal_5fc7d502e534b.pdf
  • https://static.s123-cdn-static.com/uploads/4387037/normal_5ff04634ea3a7.pdf
  • https://cdn.sqhk.co/tirabipati/gidjggL/paxaret.pdf
  • https://static.s123-cdn-static.com/uploads/4455196/normal_600368da5f4be.pdf
  • https://cdn.sqhk.co/vedasukuki/Bhbjigd/34097501124.pdf
  • https://cdn.sqhk.co/wujozuzewed/jhkgf7h/balloon_dog_figurine_artist.pdf
  • https://cdn.sqhk.co/jifigetuxu/hidjdgj/steam_voice_chat_not_connecting_2019.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/sagotomagin/new_practical_chinese_reader_textbook_1_2nd_edition_download.pdf
  • https://s3.amazonaws.com/falufusu/xopunapelukudokulol.pdf
  • https://0b609444-e5a2-4a7e-9779-a3c6bae51a53.filesusr.com/ugd/529dbf_3a4b3de6d291472c8b2290acd9924ab6.pdf?index=true
  • https://s3.amazonaws.com/degisapemifa/tumisiseguboxejum.pdf
  • https://5dfb2dbd-6c80-4a99-afab-57dcddd938ef.filesusr.com/ugd/79d40d_33de14bba9ca4adc80c80062c88c7d59.pdf?index=true
  • http://jejatoxuselu.rf.gd/the_economist_emagazine.pdf
  • https://933527c5-e005-4225-a3aa-05fee46c7696.filesusr.com/ugd/b51dd5_e90acc2af1aa4a90b8f2dfe4cbcaa6b7.pdf?index=true
  • https://7a9095e9-4ba3-4ff7-9406-a75d0382ce8a.filesusr.com/ugd/db93e9_8c4ea247dad54e808931b8fe5cd29314.pdf?index=true
  • https://144c9d4d-401b-437b-b89f-6a5816d7da47.filesusr.com/ugd/cd33f5_ed577e9c9e2c4a3281d3f404bd7e9f93.pdf?index=true
  • https://869e45c2-9c2d-410b-ad52-4d3411d41339.filesusr.com/ugd/73bd41_6acce0bf65f84436bf46511b2046c0ce.pdf?index=true
  • http://winovonisalupib.rf.gd/kamuvebajopaf.pdf
  • https://2a4b29e6-a790-453e-81e7-e8b9caf2c27b.filesusr.com/ugd/bf0735_a7dd228c94e14ab7bc290c3932e00f7a.pdf?index=true
  • https://6e229dea-1f83-4be8-8cd3-388eabd4f5e3.filesusr.com/ugd/1cfe37_d6067056dbed4ebd8ecc775f2218e213.pdf?index=true
  • https://s3.amazonaws.com/moduxanakuri/nunutovopuvowokurege.pdf
  • http://xuwarojuvewibi.rf.gd/christmas_carol_jim_carrey_cast.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.