Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://trafficel.ru/strik?utm_term=free+roblox+gift+card+codes+2020+unused+no+human+verification PDF link annotation

  • https://cdn-cms.f-static.net/uploads/4383918/normal_5f95ed3749237.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4470960/normal_5fc068749c332.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4388416/normal_5fc0a0d1ec9fc.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4370268/normal_5fa89814ee9e7.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4417531/normal_5f96522f2308f.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4470232/normal_5fa496533e473.pdfIn PDF document text
  • http://www.opentle.orgIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/05744f95-b44e-48b4-94fa-0b388bf4b85b/lenguaje_y_tipos_de_lenguaje.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/df5289b2-a48e-4506-b00d-501ba22a0d03/71975772126.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f75ae627-eb92-488b-8eb1-14449040bf46/stump_root_device_is_patched.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/3615541b-fa2d-435d-be6e-0ee9ae9705e9/wight_dd_beyond.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ae1fd79f-3b98-4e32-a4bd-d90625901f94/83470736349.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5a0b9883-eb83-4f1e-8064-ed4b4d3cf825/phillip_glass_buys_a_loaf_of_bread.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/cfa19bc7-066b-4724-b5b3-e95c2f51c5c0/kaxan.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ea36a5b2-a029-4f22-8974-4ba51b5d3be6/plot_diagram_worksheet.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc526b588c99b6d37c2ed9a/t/5fc713e0a3696915e21cea35/1606882275590/funny_videos_of_dogs_and_cats_talking.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://www.gnu.org/licenses/gpl.htmlIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text
  • https://savannah.gnu.org/projects/freefont/In PDF document text
  • http://www.gnu.org/licenses/In PDF document text
  • http://www.gnu.org/copyleft/gpl.htmlIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.