Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://smidgel.ru/pbw?utm_term=ninjago+all+episodes+free PDF link annotation

  • https://cdn-cms.f-static.net/uploads/4415080/normal_602921e32abf3.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4419211/normal_602146ffda895.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4405193/normal_5ff12bb45a57b.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4478125/normal_5fde7748d9e5e.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4530151/normal_602b6d10c2d32.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4445101/normal_5fd9cd9bc1c7b.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4409411/normal_60bd524b6bc15.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://wojipag.pbworks.com/f/13723566722.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/02c6c0b4-f693-404f-bbf6-f73a9c6b8c60/pelonis_oil_filled_heater_smell.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a6834bd2-6ec8-457d-80b7-60b4c58ec10e/dalufop.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ffede7c0-16a6-41b0-aec2-8d6a7d5bbe16/dakov.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/bb5dc154-dfbc-42f0-b0e8-89a403173d8f/research_methods_in_criminal_justice_and_criminology_an_interdisciplinary_approach.pdfIn PDF document text
  • http://xulajirose.pbworks.com/w/file/fetch/144832341/why_did_macbeth_kill_duncan_offstage.pdfIn PDF document text
  • http://xuresasadox.pbworks.com/w/file/fetch/144752313/21843343787.pdfIn PDF document text
  • http://niwomif.pbworks.com/f/engineering_materials_properties_and_selection_9th_edition.pdfIn PDF document text
  • http://fisakujimet.pbworks.com/w/file/fetch/144814119/37218123637.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/c1755423-d504-46af-8835-ba43e8d901c1/48166353088.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f0a0825a-7726-4019-9317-cf0d29e246f3/emotional_agility_susan_david_amazon.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/631f770a-dd15-48a2-82cf-df05694ffc54/is_a_wallpaper_steamer_worth_it.pdfIn PDF document text
  • http://nuxawakaxaz.pbworks.com/f/cheat_sheet_asvab_math_formulas.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.