Malicious PDF — malware analysis report

Static analysis result for SHA-256 67983944603ed43d…

Verdict: MALICIOUS
File type: PDF
Size: 76.2 KB
Created: 2021-04-25 07:28:35 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0bf835e9584f470109bd16b5051eaaba
SHA-1: ea6d300e8f9e3d11abd9d27f6754ce6c22745fa9
SHA-256: 67983944603ed43d75d43d0aac395df97e7fab68a9fb654f5c35e89da911ea0f
Risk score: 96

Malware Insights

MITRE ATT&CK

  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript (mapped by the report; note that no JavaScript-specific heuristic appears among the results listed below)

Both ClamAV (signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0) and the Nyx ML classifier (score 0.9956) flag the file as malicious. The document was produced by wkhtmltopdf, i.e. rendered from an HTML page, and carries an external URL action whose target is 'https://zajinet.ru/strik?utm_term=2006+honda+odyssey+for+sale+craigslist'; the keyword-stuffed query string is typical of a redirector used for phishing or malware distribution. The listed heuristics report no exploit or script payload: the risk lies in the deceptive outbound links the recipient is expected to click, which is consistent with a spearphishing attachment. Any follow-on verdict should come from detonating or safely fetching the zajinet.ru redirect chain rather than from the PDF structure alone.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9956

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL action target: https://zajinet.ru/strik?utm_term=2006+honda+odyssey+for+sale+craigslist
    Other extracted URLs:
    • http://creditscorefix.info/292237556339zysk.pdf
    • https://static.s123-cdn-static.com/uploads/4365584/normal_5ffa28da7a443.pdf
    • https://static.s123-cdn-static.com/uploads/4393785/normal_5fe41ce7838fa.pdf
    • https://static.s123-cdn-static.com/uploads/4451760/normal_60029e683be73.pdf
    • http://ryursew.space/447282890279pkfk.pdf
    • http://freedate18.xyz/nirabobotisiwqejb.pdf
    • https://cdn-cms.f-static.net/uploads/4500911/normal_606123f74ae2a.pdf
    • http://bcipreactivaperu.com/who_does_boxer_symbolize_in_animal_farm4qew5.pdf
    • https://cdn-cms.f-static.net/uploads/4470960/normal_602612a75dab5.pdf
    • http://vash-komfort5.ru/create_a_form_in_html_using_cssyqpay.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/67276b54-fc97-4d26-a2e7-e25159e06aba/jolapisixexoxipuvele.pdf
    • https://s3.amazonaws.com/wiwuxot/francis_schaeffer_libros_en_espaol.pdf
    • https://s3.amazonaws.com/dosipive/83490653181.pdf
    • https://s3.amazonaws.com/jokotaziweluge/is_it_normal_to_feel_pain_when_you_see_someone_get_hurt.pdf
    • https://s3.amazonaws.com/rebomedug/dilif.pdf
    • https://s3.amazonaws.com/pizexopenaxu/caballo_de_troya_1_jerusalen.pdf
    • https://uploads.strikinglycdn.com/files/b2beaa9f-0555-4db7-bf50-f6365a2ab31e/is_everyman_a_morality_play.pdf
    • https://s3.amazonaws.com/rodiligarexo/rafuv.pdf
    • https://s3.amazonaws.com/tipikaxe/zezarowo.pdf
    • https://s3.amazonaws.com/defipedibe/lifaroxewor.pdf
    • https://uploads.strikinglycdn.com/files/059d8641-d08b-4d5c-b1f0-c8b8a124dc0a/how_to_reset_samsung_tab_s6_to_factory_settings.pdf
    • https://s3.amazonaws.com/gomakobez/malayalam_movies_website_list.pdf
    • https://s3.amazonaws.com/fedure/durexexuka.pdf
    • https://uploads.strikinglycdn.com/files/fd39e601-a7f4-4b51-a42a-d41d876ee4c2/jeep_grand_cherokee_service_cost_uk.pdf
    • https://uploads.strikinglycdn.com/files/816f229f-850c-432f-a8e8-f482eeb3ddf8/pikidalumitevedudusu.pdf
    • https://s3.amazonaws.com/rawesaragegugar/film_chinese_zodiac_2012_subtitle_indonesia.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    (The last seven entries are RDF/XMP namespace identifiers from the document's metadata stream and the SIL Open Font License URL carried in embedded font metadata; they are schema identifiers, not link targets, and should not be treated as indicators.)
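The PDF_DUPLICATE_OBJ_BODY_INCREMENTAL and PDF_URI heuristics above describe a parser-confusion shape: when an incremental update redefines an indirect object, a first-wins reader and a last-wins reader resolve different bodies, and the difference only matters when one of the bodies carries active content such as a /URI action. The following script is an added illustration written for this page, not code from the analysis platform; it scans a constructed PDF (objects, xref table, and URLs are all made up, using reserved example domains) for duplicate `N G obj` definitions, resolves the object table under both policies, and extracts the /URI targets each policy would see.

```python
import re
from collections import defaultdict

# Constructed sample (not the analysed file): a minimal PDF body followed by an
# incremental update that redefines object 5, a /Link annotation, with a
# different /URI target. Domains are the reserved example.org / example.net.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.org/benign) >> >> endobj
xref
0 6
trailer << /Root 1 0 R /Size 6 >>
startxref
0
%%EOF
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example.net/lure) >> >> endobj
xref
0 1
trailer << /Root 1 0 R /Size 6 /Prev 0 >>
startxref
0
%%EOF
"""

# "N G obj ... endobj" in uncompressed syntax. Objects inside /ObjStm object
# streams are not visible to this regex; see the usage note below.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
# A URI action: /S /URI ... /URI (target)
URI_RE = re.compile(rb"/S\s*/URI\b.*?/URI\s*\(([^)]*)\)", re.S)


def enumerate_objects(data):
    """Return (num, gen, body, offset) for every object definition, in file order."""
    return [(int(m.group(1)), int(m.group(2)), m.group(3).strip(), m.start())
            for m in OBJ_RE.finditer(data)]


def find_duplicate_bodies(data):
    """(num, gen) -> list of bodies, for objects defined more than once with differing bytes."""
    defs = defaultdict(list)
    for num, gen, body, _ in enumerate_objects(data):
        defs[(num, gen)].append(body)
    return {k: v for k, v in defs.items() if len(v) > 1 and len(set(v)) > 1}


def resolve(data, policy):
    """Build the object table a 'first'-wins or 'last'-wins reader would end up with."""
    table = {}
    for num, gen, body, _ in enumerate_objects(data):
        key = (num, gen)
        if policy == "first" and key in table:
            continue  # keep the earliest definition
        table[key] = body  # last-wins: later definitions overwrite
    return table


def extract_uris(table):
    """Collect every /URI action target present in the resolved object table."""
    return [m.group(1).decode("latin-1")
            for body in table.values() for m in URI_RE.finditer(body)]


def triage(data):
    """Report duplicate objects and what each resolution policy would follow."""
    dups = find_duplicate_bodies(data)
    # Escalate only when a duplicated object carries active content (URI or JS
    # action); body-only differences in benign saves are otherwise common.
    active = any(URI_RE.search(b) or b"/JavaScript" in b or b"/JS" in b
                 for bodies in dups.values() for b in bodies)
    return {
        "duplicates": sorted(dups),
        "first_wins_uris": extract_uris(resolve(data, "first")),
        "last_wins_uris": extract_uris(resolve(data, "last")),
        "active_duplicate": active,
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_PDF).items():
        print(f"{k}: {v}")
```

Run on the constructed sample, the first-wins view yields the example.org link and the last-wins view the example.net link, and the duplicate is flagged as active because both bodies are URI actions. The regex scan is a triage pass only: real documents frequently keep annotations inside compressed object streams (/ObjStm) and use xref streams, so a hit from this script should be confirmed with a full parser before the object-level finding is trusted, and a miss does not clear the file.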

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off0000e809.bin
    SHA-256: f51106269a5b631accd8181e55bfc641bd31d4c98facc569a01482382621b84a
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xE809
    Size: 5720 bytes
  • font_01_sfnt_off0000fb87.bin
    SHA-256: 69ac63f5bf5e6e070fd073260fbd458afd90fd419618ee4cbc056106a5f07d96
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xFB87
    Size: 11412 bytes