Malicious PDF — malware analysis report

Static analysis result for SHA-256 524b0f9b302f1ff8…

Verdict: MALICIOUS
File type: PDF
Size: 81.5 KB
Created: 2021-06-30 04:52:26 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
MD5: ee5a6bde5c5f17452630f288204e32e1
SHA-1: 941b517c69f463ba82f87640c6aa2099be26edb6
SHA-256: 524b0f9b302f1ff87d79766a50191a2b5f597c570dd5d9daa82e06f3c4abde03
Risk score: 96

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

Both the Nyx machine-learning classifier (malicious score 0.7932) and ClamAV (Pdf.Phishing.Trojan signature) flag this file, consistent with a phishing or trojan-delivery document. It carries an external URI action whose target is https://medvor.ru/uplcv?utm_term=law+and+order+season+9+episode+8; the utm_term value is a TV-episode search phrase, the shape of a search-engine bait lure rather than a brand-impersonation lure. The document body is obfuscated and the analyzer could not recover the lure text, so the specific pretext is unknown. The remaining URLs extracted from the body are all .pdf files sitting in upload directories of unrelated third-party sites (WordPress super-forms and formcraft upload paths, generic userfiles and upload folders), the layout of a redirect chain between similarly hosted decoy PDFs, which suggests an attempt to download further payloads or redirect to phishing pages. The two dejavu.sourceforge.net URLs are vendor and license metadata from the embedded fonts, not part of the lure. Because the file was produced with wkhtmltopdf it is a rendered HTML page, and the duplicate-object heuristic below deserves a manual check, since first-wins and last-wins parsers would resolve different content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7932

Heuristics (4)

  • ClamAV detection (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action. The target is the medvor.ru URL listed under Embedded URL; check whether the action hangs off a link annotation (followed on click) or off an /OpenAction or /AA entry (followed automatically when the document opens).
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content. Check: diff the two bodies and note which one the xref chain resolves (last-wins) against what a linear scan sees (first-wins); a URL a sandbox followed from one body is not necessarily the one a victim's reader follows from the other.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels record which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URI action target:
    • https://medvor.ru/uplcv?utm_term=law+and+order+season+9+episode+8
    Other URLs extracted from the document (channel not labelled in this report):
    • https://ruiguoex.com/upfile/files/2021/06/01/lafodijefosemijukajite.pdf
    • http://langeline.com/ckeditor/upload/files/tunezubafefuxokafixixo.pdf
    • https://ecef-groupe.com/wp-content/plugins/super-forms/uploads/php/files/d6na7bof759u2o4t9ss8i7lpl0/kojarewewivifapubulu.pdf
    • http://antwerp-rentals.com/wp-content/plugins/formcraft/file-upload/server/content/files/16078cfef0a429---vajiji.pdf
    • http://beateromer.com/bilder/file/vorivirafubiv.pdf
    • http://imagespa.mx/wp-content/plugins/formcraft/file-upload/server/content/files/160a843ec4d4d6---serup.pdf
    • http://legendtec-eg.com/wp-content/plugins/super-forms/uploads/php/files/0n0fv494tlukqp19jrn6s9hme4/7990963581.pdf
    • http://baharemadinah.com/wp-content/plugins/formcraft/file-upload/server/content/files/16073a2a32a88c---14361899021.pdf
    • http://e-skala.pl/userfiles/file/jugab.pdf
    • https://amartzon.store/wp-content/plugins/super-forms/uploads/php/files/7feb06f93bff743d0b738582294c77e3/tusulusil.pdf
    • http://zwickerfoto.hu/_user/file/gaposigerisevevukisip.pdf
    • https://www.actionconstructionjax.com/wp-content/plugins/super-forms/uploads/php/files/6fd200ddc4bc756767e4055d111bdefb/10246376986.pdf
    • https://christembassybarking.org/wp-content/plugins/super-forms/uploads/php/files/ea4a4e9491fb387d3abb03aa2a51a4c7/30070800393.pdf
    • https://avis-medical.ma/wp-content/plugins/super-forms/uploads/php/files/54dce9836b0090f12e3819d373fec795/kilanefivadejinob.pdf
    • https://hgindustrial.eu/userfiles/files/17790388211.pdf
    • http://www.1000ena.com/wp-content/plugins/formcraft/file-upload/server/content/files/160bc42f0a7d88---godoluvoguvopupumof.pdf
    • http://fitviewer.biz/files/file/mozirekanimonew.pdf
    • https://presstone.hu/userfiles/file/nozamogekama.pdf
    • https://pavaniautismschools.com/wp-content/plugins/super-forms/uploads/php/files/hv6uot8rl6277sb6vdissh2ke6/gazituruzataridekenaziva.pdf
    • http://szakkepzosiklos.hu/upload/file/zikalamanapivuvijubibagux.pdf
    • http://www.investing-in-women.com/wp-content/plugins/formcraft/file-upload/server/content/files/160bb713f49a1e---xavelokogu.pdf
    • http://candientushinko.com/images/file/jepovudejazuzigavi.pdf
    • https://rittenhousesmiles.com/wp-content/plugins/super-forms/uploads/php/files/1b332e7525674e9663b380df10d6dbb5/94191396917.pdf
    • http://grupogmec.com/wp-content/plugins/formcraft/file-upload/server/content/files/16077b2b0d2945---97241356771.pdf
    • http://dejavu.sourceforge.net
    • http://dejavu.sourceforge.net/wiki/index.php/License
    The two dejavu.sourceforge.net entries are the vendor and license URLs that DejaVu fonts carry in their name table; they most likely come from the three embedded fonts listed under Extracted artifacts and are not lure links.
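As an added example (not part of this report or of the analyzer that produced it), the following Python scanner implements the two heuristics above on raw PDF bytes: it records every definition of each indirect object, reports objects redefined with different bodies together with whether either body carries active content (which decides the severity, as the heuristic text describes), and extracts each /URI string tagged with the object and the definition it came from, so first-wins and last-wins targets can be compared. The sample PDF bytes, the example.org/example.net URLs and the ACTIVE_KEYS list are constructed for illustration; the scanner handles classic "N G obj" syntax only and would need /ObjStm streams inflated first to see compressed objects.

```python
"""Scan a PDF for (a) indirect objects defined more than once with differing
bodies (first-wins vs last-wins parser confusion) and (b) every /URI target,
tagged with which definition of the object carried it."""
import re
from collections import defaultdict

# Classic "N G obj ... endobj" syntax only; objects packed into /ObjStm
# streams are compressed and would need inflating first (not handled here).
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
# A PDF literal string: handles escaped parentheses inside the URI.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# Keys whose presence means the object can do something when resolved
# (assumed list for this example; extend to taste).
ACTIVE_KEYS = (b"/URI", b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction",
               b"/AA", b"/SubmitForm", b"/GoToR", b"/EmbeddedFile")


def scan_objects(pdf: bytes):
    """Return {(num, gen): [(offset, body), ...]} in file order."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(pdf):
        key = (int(m.group(1)), int(m.group(2)))
        objs[key].append((m.start(), m.group(3).strip()))
    return objs


def _pdf_unescape(s: bytes) -> str:
    # Minimal literal-string unescape (\( \) \\), enough for URI strings.
    return re.sub(rb"\\(.)", rb"\1", s).decode("latin-1")


def extract_uris(pdf: bytes):
    """Every /URI string, tagged with the object and the definition index."""
    hits = []
    for (num, gen), defs in scan_objects(pdf).items():
        for idx, (_, body) in enumerate(defs):
            for u in URI_RE.finditer(body):
                hits.append({"object": (num, gen), "definition": idx,
                             "uri": _pdf_unescape(u.group(1))})
    return hits


def find_duplicate_objects(pdf: bytes):
    """Objects redefined with different bytes. Identical redefinitions are
    skipped (normal incremental-update noise); severity is raised only when
    either body carries active content, mirroring the report's heuristic."""
    findings = []
    for (num, gen), defs in scan_objects(pdf).items():
        bodies = [b for _, b in defs]
        if len(bodies) < 2 or len(set(bodies)) == 1:
            continue
        first, last = bodies[0], bodies[-1]
        active = any(k in first or k in last for k in ACTIVE_KEYS)
        findings.append({
            "object": (num, gen),
            "definitions": len(bodies),
            "active_content": active,
            "severity": "high" if active else "info",
            # What a first-wins reader vs a last-wins reader would act on.
            "first_wins_uris": [_pdf_unescape(u.group(1)) for u in URI_RE.finditer(first)],
            "last_wins_uris": [_pdf_unescape(u.group(1)) for u in URI_RE.finditer(last)],
        })
    return findings


# Constructed sample (not the analysed file): an original body plus one
# incremental update. Object 3 is redefined byte-identically (benign noise);
# object 4 is redefined with a different /URI. xref tables are omitted and
# offsets are placeholders: the scanner deliberately ignores the xref chain
# so it sees every definition, not just the one the trailer points to.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]
  /A << /S /URI /URI (https://example.org/benign) >> >> endobj
trailer << /Root 1 0 R /Size 5 >>
%%EOF
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]
  /A << /S /URI /URI (https://example.net/lure\\)page) >> >> endobj
trailer << /Root 1 0 R /Size 5 /Prev 0 >>
%%EOF
"""

if __name__ == "__main__":
    for finding in find_duplicate_objects(SAMPLE_PDF):
        print(finding)
    for hit in extract_uris(SAMPLE_PDF):
        print(hit)
```

Against a real sample, compare first_wins_uris with last_wins_uris for every finding: when they differ, the URL a sandbox followed may not be the one the victim's reader follows, so both targets belong in the IOC set.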

Extracted artifacts (3)

Files carved from inside the sample during analysis. All three are sfnt font programs, consistent with wkhtmltopdf output; comparing their hashes against the stock fonts of the producing system confirms whether they are unmodified, since embedded font programs are parsed by the viewer's font engine and are their own attack surface.

Filename                      Kind             Source                                      Size
font_00_sfnt_off0000e0e4.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xE0E4   16792 bytes
  SHA-256: 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1
font_01_sfnt_off0000f8fb.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xF8FB   10660 bytes
  SHA-256: 562449724b91c6c88a3e26531fbf3bd8b34b736afe9de1689da51b49cb105210
font_02_sfnt_off00011186.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x11186  17936 bytes
  SHA-256: a59fa1ef44ec5ab6d0d739d42d6b7de4c741748e255b80347bdc3bb7ceb719f7