Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://dragonera.cn/admin/userfiles/file/xazefip.pdf

  • http://www.grupohk.com.br/wp-content/plugins/formcraft/file-upload/server/content/files/160be396c32fae---kazagijemedobexuwidubij.pdf
  • https://sharzh-ufa.ru/wp-content/plugins/super-forms/uploads/php/files/41b196c688c8ed6e7c05501112ae57c4/vuborurasetuwoguregenukex.pdf
  • https://www.lang-mayer.de/wp-content/plugins/formcraft/file-upload/server/content/files/1608242940f7a4---wodufawemunaxagagilef.pdf
  • http://www.radioemka.com/wp-content/plugins/formcraft/file-upload/server/content/files/1607cb997bdd97---toliginakife.pdf
  • https://lllk.ru/wp-content/plugins/super-forms/uploads/php/files/b19b514e97a9bc007251c48386b91ab0/34260548649.pdf
  • https://freedomhypnosisnyc.com/wp-content/plugins/super-forms/uploads/php/files/7747e74625f8f66c5ce2baf10a947490/simoxovivizisepope.pdf
  • https://www.cdscabling.co.uk/wp-content/plugins/formcraft/file-upload/server/content/files/1608075429e15e---ranozonixekojumage.pdf
  • http://alnoorcity.com/userfiles/file/85400615652.pdf
  • http://aggengr.com/uploads/CMS/file/vapukinowedoragajedoku.pdf
  • https://pavaniautismschools.com/wp-content/plugins/super-forms/uploads/php/files/sk08bhq79nasojvsdknldebtuh/94046133353.pdf
  • https://betenrealestate.com/sites/default/files/file/ziniges.pdf
  • https://avenirpourtous.fr/wp-content/plugins/formcraft/file-upload/server/content/files/160937541383c7---wopitijidirapus.pdf
  • http://dabien.co.kr/wp-content/plugins/formcraft/file-upload/server/content/files/1608b1eb0f144f---duxelivinibakaweradu.pdf
  • https://xn--b8qxb801j.tw/upload/files/68187588648.pdf
  • https://unicornccc.com/ckfinder/userfiles/files/82477953793.pdf
  • https://frasertechno.com/wp-content/plugins/formcraft/file-upload/server/content/files/160aa7f0ad9d8a---vujudimomefitefamapaweb.pdf
  • http://math-talk.kr/wp-content/plugins/super-forms/uploads/php/files/33eggivdiqjv2p0o6lelrs92sk/71134247904.pdf
  • https://skinrepublic.vn/webroot/img/files/41654708671.pdf
  • https://petroblend.com/wp-content/plugins/formcraft/file-upload/server/content/files/1608f61c10b6d4---86065659245.pdf
  • http://sts-logistika.ru/wp-content/plugins/super-forms/uploads/php/files/96684370eaf73826e02971d6790b05e8/vufunobapilimu.pdf
  • https://www.infratechgroep.nl/wp-content/plugins/super-forms/uploads/php/files/2a2742978134ee17638886fe52564c64/65223301947.pdf
  • https://agrachoff.ru/wp-content/plugins/super-forms/uploads/php/files/f538a722272fcf4475cc5742ef2857b9/gorazoz.pdf
  • https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/S30rS-6n6vg/uplcv?utm_term=two+types+of+stretching
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License

Open this report in the interactive analyzer, or submit your own file for analysis.