Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://fokemale.ru/wix?keyword=the+consulting+resume+and+cover+letter+bible+pdf

  • http://50offshop.pro/32714029291pec82.pdf
  • http://fionainthefield.org/bijadelulx68wv.pdf
  • http://avto-document.site/zotuxifosinuxofukegb99nr.pdf
  • http://nesobaka9.xyz/design_of_machinery_5th_edition_soluyeh5x.pdf
  • http://gagarinski.su/modokafegararidalu8bmne.pdf
  • http://trysoda.club/9984042453h0u8b.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • https://uploads.strikinglycdn.com/files/6320cb52-6408-42ed-afdc-7b76eb5fcdb1/asp.net_mvc_6_windows_authentication.pdf
  • http://goruragijojo.epizy.com/26140456037.pdf
  • http://podazowek.epizy.com/java_string_format_prepend_0.pdf
  • http://xoxepilazif.rf.gd/baidu_free_video_er.pdf
  • https://80820154-e864-4b0c-832b-212b24169927.filesusr.com/ugd/c12414_890ed2db80da42f18cda04782e7c2a5f.pdf?index=true
  • https://217ba8a6-026c-4a9e-b1ce-2eadff0a4a08.filesusr.com/ugd/3d7af5_95ca48ca3f9042fab506528d60a3dfa5.pdf?index=true
  • https://uploads.strikinglycdn.com/files/592965ef-0e8f-478a-9986-99b87900d4b7/cen-tech_battery_charger_not_working.pdf
  • https://85ed388a-52e0-4e79-9737-9d4b769dda71.filesusr.com/ugd/bb10c5_d05f39212ec74ca1bfe4e7db90743443.pdf?index=true
  • https://bb55feb6-a0c4-48ae-8f72-aea2c45912f8.filesusr.com/ugd/b9801a_68faf35e74a8415f929d697b4f49d27d.pdf?index=true
  • https://fb413987-6e77-4bf1-aaa6-e97eb550fbee.filesusr.com/ugd/108936_0ca1b219613a4991bc94fb0828dcdb3e.pdf?index=true
  • https://36535336-4f9e-4c0a-b1ad-3385cb5d4299.filesusr.com/ugd/15ebe2_7983c82b38f84cf0be332de61ee81ee4.pdf?index=true
  • https://uploads.strikinglycdn.com/files/08cd4d14-7c91-4ffd-b3b3-f2ab4b6b2b4a/does_heil_make_furnaces.pdf
  • https://uploads.strikinglycdn.com/files/8a8b2600-150d-40cc-b176-ed4e6c17963b/tibabivulabudal.pdf
  • https://uploads.strikinglycdn.com/files/89ac49f1-622f-4666-9a88-c3433cbad38e/27050776626.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.