Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://midufefew.ru/award?keyword=chemistry+form+3+revision+notes+pdf

  • https://static.s123-cdn-static.com/uploads/4456699/normal_5fef43ac62f1e.pdf
  • https://rosanibo.weebly.com/uploads/1/3/4/8/134873488/gelotuvonu_limelopi_ditidutorimapit.pdf
  • https://dolevepi.weebly.com/uploads/1/3/4/5/134587457/zivibaded.pdf
  • https://cdn-cms.f-static.net/uploads/4424696/normal_6052daabd4a4c.pdf
  • https://cdn-cms.f-static.net/uploads/4366308/normal_605c740d92f9d.pdf
  • https://cdn-cms.f-static.net/uploads/4410222/normal_604a347679fd9.pdf
  • https://vufobuvi.weebly.com/uploads/1/3/1/1/131163959/9072f8b109.pdf
  • https://wivevesatowot.weebly.com/uploads/1/3/0/8/130813399/bomeluvapejupukap.pdf
  • https://xalakadumikimam.weebly.com/uploads/1/3/1/4/131437423/fekitosebo.pdf
  • https://static.s123-cdn-static.com/uploads/4485308/normal_5ff7d7bfb9882.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/73682cb1-daf4-419b-9074-b5df273cf408/58972592445.pdf
  • https://s3.amazonaws.com/punurum/42605712141.pdf
  • https://s3.amazonaws.com/zumomasugipeno/56600071690.pdf
  • https://s3.amazonaws.com/jovekus/dixedajaxatuvugolaxabifu.pdf
  • https://s3.amazonaws.com/zowejunef/xilekuligivijelor.pdf
  • https://s3.amazonaws.com/remavuj/chirutha_movie_all_songs_free.pdf
  • https://s3.amazonaws.com/paxunu/cifra_club_tuner.pdf
  • https://s3.amazonaws.com/boduxatavepe/39529617954.pdf
  • https://s3.amazonaws.com/numunenoji/charles_bukowski_go_all_the_way_book.pdf
  • https://uploads.strikinglycdn.com/files/1a5de465-2778-4f3d-81f2-a4e0012ede1e/google_maps_has_my_home_location_wrong.pdf
  • https://s3.amazonaws.com/rikolesafuwofar/true_metrix_blood_glucose_meter_user_manual.pdf
  • https://uploads.strikinglycdn.com/files/56260c4f-990a-4713-bf4b-5cb400d6901e/allmodern_open_box_price.pdf
  • https://01d7ec8a-e38e-4e33-8c76-1be31754498b.filesusr.com/ugd/24d943_a6d4f16f3e1648c6ba011a24495407b7.pdf?index=true
  • https://52c77544-2eb8-427c-ad0e-a8a7e2ea9366.filesusr.com/ugd/93288f_c7e9347b312244a0be8c3f41e73cf892.pdf?index=true
  • https://s3.amazonaws.com/wuniku/wafebasedeligitu.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License

Open this report in the interactive analyzer, or submit your own file for analysis.