Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://gimoguvi.ru/strik?utm_term=does+china+recognize+taiwan PDF link annotation

  • https://cdn.sqhk.co/lorakerasima/d1haCgi/dalawixoguveberowixanag.pdfIn PDF document text
  • https://wirujofijiv.weebly.com/uploads/1/3/4/5/134592393/rigavemufopeku_delabolazolal.pdfIn PDF document text
  • http://evromotors.net/kreepy_krauly_parts_list71t80.pdfIn PDF document text
  • https://cdn.sqhk.co/gusiloxi/Egjiihd/noxemiboponeget.pdfIn PDF document text
  • http://rubyshup.space/nitalipupugexewufizinogadp93j6.pdfIn PDF document text
  • http://kismykeitio.best/43101347983y6bi8.pdfIn PDF document text
  • https://fimupekegu.weebly.com/uploads/1/3/4/5/134502303/8449765.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://8f20b4bd-83f7-4a55-8c6f-e9501e2e061c.filesusr.com/ugd/c1c462_d4008156e1484f4fa13f0bc504e30fa0.pdf?index=trueIn PDF document text
  • https://s3.amazonaws.com/tikoweravisixu/where_can_i_buy_a_thermal_fuse_for_my_maytag_dryer.pdfIn PDF document text
  • https://s3.amazonaws.com/xafaxotaful/lixusabupegisigavomalofe.pdfIn PDF document text
  • https://7ec9ed57-df89-401a-953b-45744c150cee.filesusr.com/ugd/6e3131_4ab93608964a49769e63dfde6bde6f88.pdf?index=trueIn PDF document text
  • https://e31b828f-dd5d-4b35-abba-5777d5fc2ed6.filesusr.com/ugd/56a8cc_1297b8b7ad63429b864a688d7adf8c78.pdf?index=trueIn PDF document text
  • https://625f08e2-3d8e-45b5-8e8c-b95d001c5c7c.filesusr.com/ugd/d94ae5_6c56d52f7f524410848805020a904554.pdf?index=trueIn PDF document text
  • https://4f0f5a39-0a2f-4cdf-b4e4-40a644fad8b9.filesusr.com/ugd/2024fe_d595a95fb73d4dc19c6662fa81927889.pdf?index=trueIn PDF document text
  • https://5b2b9875-3923-4577-9ef6-0527498c95e7.filesusr.com/ugd/4e6dd5_7c9848a2fccf407c98f957f0f5bd15bc.pdf?index=trueIn PDF document text
  • https://d0570615-6cc6-4b78-9a9c-590639bc525b.filesusr.com/ugd/30850e_545b47e3388542ee9edff207635884fc.pdf?index=trueIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.