Malicious PDF — malware analysis report

Static analysis result for SHA-256 5cd0d7d184ce21be…

Verdict: MALICIOUS
File type: PDF
Size: 71.4 KB
Created: 2021-03-17 01:07:37 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 95248adc4b8b67b396d28f3149afea3e
SHA-1: 737f582855f48ee0d925f655c4116142cf8d437e
SHA-256: 5cd0d7d184ce21be789b46132919c8886116e3b1e20e00abb75305e8d96a1a1a
Risk Score: 116

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

The PDF was flagged by five heuristics, including a critical ClamAV detection for Pdf.Phishing.Trojan and an ML classifier score of 0.9992. The SE_CALLBACK_LURE heuristic indicates a callback-phishing or tech-support-scam pretext: the document asks the reader to call a phone number, with the aim of getting the victim on the line with the operator rather than delivering code. The embedded URL https://maypoin.ru/wix?keyword=one+stop+cellular is the most likely landing page or lure component. Two caveats for triage: no JavaScript-related heuristic fired, so the T1059.007 mapping is not corroborated by the static findings below; and most of the other extracted URLs are PDF links on website-builder CDNs (filesusr.com, strikinglycdn.com, f-static.net) and free-hosting subdomains, while the w3.org, purl.org and ns.adobe.com URIs are XMP metadata namespaces and scripts.sil.org/OFL is the SIL Open Font License URL, so those are not lure links.
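The following is an added example of the kind of logic behind the SE_CALLBACK_LURE heuristic described in the findings below; it is not the analysis platform's own code. It assumes the document text has already been extracted (for example with pdftotext), uses a North-American phone pattern, and the context, escalation and legitimate-issuer term lists are assumptions chosen to illustrate the suppression rule, not the platform's actual lists. The sample texts are constructed and use 555-01xx numbers, which are reserved for fiction.

```python
import re

# Phone numbers in North-American formats (assumed pattern; widen for other regions).
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# Context terms that make a phone number suspicious when they sit near it (assumed list).
CONTEXT_TERMS = ("billing", "refund", "subscription", "fraud", "security",
                 "invoice", "charged", "renewal", "payment")
# Urgency / charge-dispute escalation terms (assumed list); their absence enables suppression.
ESCALATION_TERMS = ("charged", "dispute", "cancel", "within 24 hours",
                    "immediately", "unauthorized", "suspended", "deducted")
# Legitimate-issuer markers (assumed list), matched on word boundaries so that
# e.g. "irs" does not fire inside "first".
LEGIT_ISSUER_RE = re.compile(
    r"\b(?:internal revenue service|irs|form w-\d|department of the treasury)\b")


def callback_lure(text, window=200):
    """Return one hit per phone number that sits in a billing/fraud/security
    context, unless the document looks like an official form with no urgency.

    `text` is the document's extracted text; `window` is the number of
    characters inspected on each side of the phone number."""
    lowered = text.lower()
    legit_issuer = bool(LEGIT_ISSUER_RE.search(lowered))
    hits = []
    for m in PHONE_RE.finditer(lowered):
        ctx = lowered[max(0, m.start() - window):m.end() + window]
        context = [t for t in CONTEXT_TERMS if t in ctx]
        if not context:
            continue  # a phone number alone is not a lure
        escalation = [t for t in ESCALATION_TERMS if t in ctx]
        if legit_issuer and not escalation:
            continue  # suppression: official issuer, no urgency or charge dispute
        hits.append({
            "phone": m.group(),
            "context": context,
            "escalation": escalation,
            "severity": "medium",
        })
    return hits


# Constructed sample texts (not taken from the analysed file).
LURE_TEXT = ("Thank you for your order. Your annual subscription of $399.99 has "
             "been charged to your account. If you did not authorize this "
             "payment, call our billing department immediately at "
             "1-888-555-0142 within 24 hours to dispute the charge.")
IRS_TEXT = ("Department of the Treasury, Internal Revenue Service. Questions "
            "about your refund? Call 1-800-555-0199 Monday through Friday.")
BENIGN_TEXT = "Call (206) 555-0100 for today's lunch menu."


if __name__ == "__main__":
    for name, sample in (("lure", LURE_TEXT), ("irs", IRS_TEXT), ("benign", BENIGN_TEXT)):
        print(name, callback_lure(sample))
```

The suppression is deliberately narrow: an official-looking issuer only silences the hit when no escalation term sits near the number, so a lure that impersonates a tax agency and adds "call immediately or your refund is cancelled" still fires.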

Machine Learning

  • Nyx PDF Classifier malicious score 0.9992

Heuristics (5)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Callback phishing phone lure medium SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are also common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://maypoin.ru/wix?keyword=one+stop+cellular
    • https://static.s123-cdn-static.com/uploads/4417528/normal_5fdd07dd794f8.pdf
    • http://wusator.mygamesonline.org/zokawowa.pdf
    • https://cdn-cms.f-static.net/uploads/4454546/normal_5fd0f117a2e2f.pdf
    • https://static.s123-cdn-static.com/uploads/4418584/normal_5ff4df5b1fafd.pdf
    • http://pekibimige.mygamesonline.org/49210732423.pdf
    • http://ninuwekevap.scienceontheweb.net/biochemical_food_tests.pdf
    • http://gituwema.iblogger.org/7401312548.pdf
    • https://cdn-cms.f-static.net/uploads/4381740/normal_601a539ba3b13.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/2709424a-b7e3-4885-b5ec-68bb971c811b/94556366250.pdf
    • https://e0d0d77b-4c00-4265-bc22-f0cc5cf11ada.filesusr.com/ugd/957eb4_44929f5cccdb492e96aa365046ffdb94.pdf?index=true
    • https://5a995288-ce6f-4ae3-a3e6-14272d8003db.filesusr.com/ugd/7be1cd_75db8b451fff47af9679ffa322797d59.pdf?index=true
    • https://30cc9e9c-6145-4029-bfdc-d0561bdb3a10.filesusr.com/ugd/0dcf4b_5f6d7f16935f4395936f142ca71081e5.pdf?index=true
    • https://51f47fa2-20f7-4ec4-bb91-8ae4aee689b4.filesusr.com/ugd/917232_2495527dff9f437da0989a46e071290c.pdf?index=true
    • https://uploads.strikinglycdn.com/files/0530ab48-61d6-4f4e-9252-fba3eb82d4f8/big_green_egg_pizza_stone_xl_price.pdf
    • https://1628ddcf-e301-416d-9649-d9339b85441b.filesusr.com/ugd/0b1079_e6825aa332ee44cf9a80de1ba5cf62ce.pdf?index=true
    • https://d668ac4b-7052-46b9-8d0c-7e282d24ced7.filesusr.com/ugd/00fc84_4fe5f6d29afe449c9807bd0265fd111e.pdf?index=true
    • https://60659a61-a27b-47ea-8eac-a81775c62269.filesusr.com/ugd/7a7fb1_737927d220c5415bad23a17d5bc5b5d1.pdf?index=true
    • https://uploads.strikinglycdn.com/files/1c46f9b0-a5e1-4f9f-81ea-8d916ede7bb9/29140409465.pdf
    • http://namasabelugag.epizy.com/95794362771.pdf
    • http://levolavajoji.epizy.com/kizepixawoxosu.pdf
    • https://b25bb209-51d3-4c1a-b111-f3d6b026631a.filesusr.com/ugd/3bcfef_247fffabc3504ff78b306f262eba63c6.pdf?index=true
    • http://vewajelawukos.rf.gd/gomojofikakumetur.pdf
    • https://uploads.strikinglycdn.com/files/cf101bdc-69dc-4e18-9212-ddc76287a898/xomogijetoxakixowagoveve.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
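The block below is an added example, not the analysis platform's code, showing how the PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL findings above can be reproduced from raw bytes: it scans every "N G obj ... endobj" definition, flags object numbers defined twice with different bodies, extracts /URI actions, and shows what a first-wins reader and a last-wins reader would each expose. The sample PDF is constructed (it has no usable xref, which is why a byte scan rather than an xref walk is used), the ACTIVE_KEYS set is an assumed definition of "active content", and the scanner does not decode streams or object streams.

```python
import re
from collections import defaultdict

# Constructed sample (not the analysed file): a minimal PDF whose incremental
# update redefines object 4 0 (a link annotation) with a different /URI.
# xref/startxref sections are omitted; a real reader could not resolve this
# file, but the byte scan does not need them.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.org/benign) >> >>
endobj
trailer
<< /Root 1 0 R /Size 5 >>
%%EOF
4 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (http://lure.example/callback) >> >>
endobj
trailer
<< /Root 1 0 R /Size 5 /Prev 0 >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# Keys whose presence marks an object body as "active content" (assumed set).
ACTIVE_KEYS = (b"/URI", b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA")


def parse_objects(data):
    """Map (num, gen) -> [(offset, body), ...] in file order.

    Deliberately naive: every 'N G obj ... endobj' in the bytes is collected,
    including definitions an xref-driven reader would never reach."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        key = (int(m.group(1)), int(m.group(2)))
        objs[key].append((m.start(), m.group(3).strip()))
    return objs


def duplicate_bodies(objs):
    """Objects defined more than once with at least two distinct bodies."""
    return {k: defs for k, defs in objs.items()
            if len(defs) > 1 and len({body for _, body in defs}) > 1}


def resolve(objs, key, policy):
    """Simulate a first-wins or last-wins reader for one object."""
    defs = objs[key]
    return defs[0][1] if policy == "first" else defs[-1][1]


def uris_by_policy(data, policy):
    """URIs a reader with the given resolution policy would expose to the user."""
    objs = parse_objects(data)
    out = []
    for key in sorted(objs):
        out += [u.decode("latin-1") for u in URI_RE.findall(resolve(objs, key, policy))]
    return out


def report(data):
    """One finding per duplicated object; severity is raised only for active content."""
    objs = parse_objects(data)
    findings = []
    for key, defs in sorted(duplicate_bodies(objs).items()):
        active = any(k in body for _, body in defs for k in ACTIVE_KEYS)
        findings.append({
            "obj": key,
            "definitions": len(defs),
            "offsets": [off for off, _ in defs],
            "severity": "medium" if active else "info",
            "first_wins_uris": [u.decode("latin-1") for u in URI_RE.findall(defs[0][1])],
            "last_wins_uris": [u.decode("latin-1") for u in URI_RE.findall(defs[-1][1])],
        })
    return findings


if __name__ == "__main__":
    for finding in report(SAMPLE_PDF):
        print(finding)
```

On real samples, run the scan over the raw file rather than a re-saved copy: a reader or sanitiser that rewrites the file will collapse the duplicates and hide exactly the discrepancy the heuristic is looking for.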

Extracted artifacts (2)

Files carved from inside the sample during analysis. Both are embedded font programs (sfnt containers, as used by TrueType/OpenType); no script, executable or second-stage file was carved.

  • font_00_sfnt_off0000da86.bin
    SHA-256: f64286e90d61bb22b8a70ee78cf71aedb2936c304600de88b6e624f1ba1600a6
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xDA86
    Size: 4956 bytes
  • font_01_sfnt_off0000eb6a.bin
    SHA-256: b639787f91df46fbb7c4c3b680abe3b6f43dff1f3f592d14eed280f3cd4ac6ab
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xEB6A
    Size: 10888 bytes