Malicious PDF — malware analysis report

Static analysis result for SHA-256 619b8c1126073760…

Verdict: MALICIOUS
File type: PDF
Size: 77.1 KB
Created: 2021-03-30 03:46:09 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 8f9c22b39d6f871cc16bc62148cd3a1f
SHA-1: 7157c5af30fbe8058954601821622eeb2898ddd4
SHA-256: 619b8c1126073760c3f2055a7cec127881ccaf65c3a13afb11d4e9bb9efe5e6e
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The file was detected as malicious by ClamAV and an ML classifier, indicating a high probability of malicious intent. It contains an embedded URI pointing to 'zajinet.ru', which is likely used to host a malicious payload or redirect to a phishing site. The document body is heavily obfuscated, but the presence of URLs suggests an attempt to trick the user into visiting a compromised or malicious website.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://zajinet.ru/wix?keyword=kotor+character+guide+steam
    • https://cdn.sqhk.co/tanemurad/Njh5s50/10454384691.pdf
    • https://cdn.sqhk.co/xuxodokoju/YNajdJM/93071992057.pdf
    • https://cdn.sqhk.co/romilononove/jjjj7cU/zilebix.pdf
    • https://cdn.sqhk.co/sekigizakeku/hjWk8pF/castle_wars_2._5_unblocked.pdf
    • http://vuzetasavuxoso.mygamesonline.org/whistleblower_complaint_searchable.pdf
    • https://cdn.sqhk.co/bogebumemilo/gjijagg/17628781794.pdf
    • https://cdn.sqhk.co/novigigexuxo/gjjifih/2008_weekend_warrior_toy_hauler_specs.pdf
    • https://cdn.sqhk.co/gemesikexo/a0SghVJ/28627159803.pdf
    • https://cdn.sqhk.co/fuwasokeg/jhhtbgj/53912199245.pdf
    • https://cdn.sqhk.co/pubamegumox/ZgfMggH/12237134242.pdf
    • https://cdn.sqhk.co/xalibolopov/Bjjngfa/best_ultra_hd_gaming_wallpapers.pdf
    • https://cdn.sqhk.co/bikegola/fNifHmD/34343897706.pdf
    • http://xajabuzowa.scienceontheweb.net/probability_distribution_exercises_and_solutions.pdf
    • https://cdn.sqhk.co/gudijupimeb/aj1mvT8/777_casino_las_vegas.pdf
    • https://cdn.sqhk.co/vemudumuxixu/aaHjdgh/beverley_bike_race_2019_road_closures.pdf
    • http://ramuwesitavoz.mywebcommunity.org/meralgia_paresthetica_patient_information.pdf
    • https://cdn.sqhk.co/zoxunoromi/gfgjy4C/fifudatazovovelu.pdf
    • https://cdn.sqhk.co/xanovixewin/ahfWhjj/real_car_parking_parking_master_mod_game_download.pdf
    • https://cdn.sqhk.co/tipefima/htBzJE2/bubble_candy_shop.pdf
    • https://cdn.sqhk.co/rasetiwulipu/f0hhNge/admirvel_mundo_novo_aldous_huxley.pdf
    • http://metikinave.22web.org/steps_to_improve_self_confidence.pdf
    • https://cdn.sqhk.co/vozevadijut/ee3jeZR/heavy_diamond_cut_silver_rope_chain.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://ramejepazino.rf.gd/school_uniform_direct_mitcham.pdf
    • http://pevipitoz.atwebpages.com/dsm_5_criteria_bipolar_disorder.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename / SHA-256 / Kind / Source / Size

  • font_00_sfnt_off0000ef42.bin
    SHA-256: 491a6b4ffb02749f8869d5d011698f561e1471abfbe4a8bc6b32d2000e829676
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xEF42
    Size: 5292 bytes
  • font_01_sfnt_off0001011b.bin
    SHA-256: 8b941dd59f9c95d96a5fdae6bcab719bc69d5864301baae18dfac8202dd81450
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x1011B
    Size: 10768 bytes