Malicious PDF — malware analysis report

Static analysis result for SHA-256 544e1e248ff80ce2…

Verdict: MALICIOUS
File type: PDF

Size: 73.9 KB
Created: 2021-03-30 21:51:01 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: a5eaf2e60176c33f27761fb4bcaa8022
SHA-1: 5fc7c0ff9ec2e441a2b51fe4eeddc4317c2c604e
SHA-256: 544e1e248ff80ce2a794b0f456289c19db62cec1f3ed8210e31c822da648133c
Risk Score: 104

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The file is a PDF that contains a URL leading to a suspicious domain, identified by ClamAV as Pdf.Phishing.Trojan. The presence of a 'download button' heuristic further suggests a lure to trick users into downloading malicious content. The ML classifier also strongly flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (5)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://nipisod.ru/wix?keyword=fashion+sketchbook+bina+abling+pdf+free+download
    • http://dvestideyli.xyz/ravpower_rp-pb194_review4zr9l.pdf
    • http://my-favshopg.online/hot_chamber_die_casting_process7k0wp.pdf
    • http://fullcreditreport.info/35628212079wj13b.pdf
    • http://pigalimiru.medianewsonline.com/smallpox_and_bioterrorism.pdf
    • http://perevozka.ru/65758856965h13ub.pdf
    • http://gloslides.com/zolitififijirolixr80wp.pdf
    • http://wgathering.org/pokemon_books_free2n1k9.pdf
    • http://sosed.market/avaya_ip_office_500v2_control_unitfa3h3.pdf
    • http://justamorem.com/hitchhikers_guide_to_the_galaxy_book_meaning_of_life_42_quotefsac4.pdf
    • http://ridunculus.com/tcp_ip_model_layers_and_their_functionstb8fa.pdf
    • http://tiwujatujoput.mygamesonline.org/fopibinunuwiw.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://29bb9f0a-cb36-4278-8b1c-05d86a2267e4.filesusr.com/ugd/25e746_3a55f81821ad460c8607877198a82f52.pdf?index=true
    • https://s3.amazonaws.com/zonivezada/lituzizakaxanuberawojifi.pdf
    • https://21a67f6d-2aea-439f-a910-ed4feb6be009.filesusr.com/ugd/173616_a80f31e13d1743cf862906ad5663ece7.pdf?index=true
    • https://bc260b4e-efc2-469d-9102-9c7234992d76.filesusr.com/ugd/b1b3ad_5393664d7b924777a1bf90c2a97ec5e7.pdf?index=true
    • http://vokesakogo.onlinewebshop.net/kevivatunajazisikax.pdf
    • https://s3.amazonaws.com/zuses/rotisijugagixevofoxizule.pdf
    • http://jatoxat.atwebpages.com/atomic_weights_of_elements_1_to_30.pdf
    • https://s3.amazonaws.com/dugibabafod/broil_king_signet_manual.pdf
    • https://983c8978-ad56-435f-a988-47358aa6040c.filesusr.com/ugd/06a663_5681549a9f674e4ab576d3451afddb93.pdf?index=true
    • https://3d7304b5-8527-495f-b913-615d6f357a43.filesusr.com/ugd/ef7486_f2bea007185744cf802f54ec8b429df7.pdf?index=true
    • http://levapoloj.onlinewebshop.net/bivariate_binomial_distribution.pdf
    • https://667b589a-70dd-4c78-a03f-47f6e9f07b1f.filesusr.com/ugd/db80c5_56290c7b77eb41939ae370be9f7fe3fe.pdf?index=true
    • https://ed0f7819-48b4-4c0d-9119-93de03d81b9c.filesusr.com/ugd/e481ce_b276acf54e1241c88c724ce0285a77fb.pdf?index=true
    • https://6c49ff76-e13b-46da-8354-2e633d56f736.filesusr.com/ugd/211c2d_a0ae3e7978ca45fe8ccd12f7f17fd807.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Columns: Filename, SHA-256, Kind, Source, Size

  • font_00_sfnt_off0000dfab.bin
    SHA-256: 9e78c11c7ac80241efae26bdebd00d0d3fa54b0b0f568ec49188308999f2ab90
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xDFAB
    Size: 5668 bytes
  • font_01_sfnt_off0000f2ff.bin
    SHA-256: 421865db258ab6149f6b9fc4fc772479389c5fc796fe83cbfc5b97a34f81199a
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xF2FF
    Size: 11460 bytes