Malicious PDF — malware analysis report

Static analysis result for SHA-256 56f1db215a88a959…

Verdict: MALICIOUS
File type: PDF

Size: 74.8 KB
Created: 2021-03-23 17:30:43 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: d48906cc72525f3067d5ff912467d0c7
SHA-1: 5233d531e913ff119915f671c6f426a6b8b78803
SHA-256: 56f1db215a88a95998b37a6e72aed5854f2a92d8765f82e0c8c4323fd52aebc8
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF document was flagged by ML classifiers and ClamAV as malicious, specifically identified as a phishing or trojan variant. The critical heuristic 'SE_SECRET_RECOVERY_LURE' indicates the document's intent to trick users into providing sensitive recovery information. An external URI was also found embedded within the document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (5)

  • Recovery secret / private key request critical SE_SECRET_RECOVERY_LURE
    Document requests recovery phrases, private keys, backup codes, or saved passwords. Requests for these secrets in a document are high-risk.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Columns: Filename, Kind, Source, Size

Filename: font_00_sfnt_off0000e4a1.bin
  SHA-256: ea432c907c869a6b50b4aec341e831fc413e671f0bf57472f83f55efc9f69be5
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xE4A1
  Size: 5684 bytes

Filename: font_01_sfnt_off0000f82d.bin
  SHA-256: 1f7e5e393ae76b814edd2cf3e282d0b957a12523c83a1b24699987516831e439
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xF82D
  Size: 10924 bytes