Malicious PDF — malware analysis report

Static analysis result for SHA-256 75804850247d8621…

Verdict: MALICIOUS
File type: PDF
Size: 85.3 KB
Created: 2021-03-20 22:13:17 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 5d15acd9d04d9420cc30125dc214e157
SHA-1: e6bf4d4080737a7ef5794f768b34535f402c9047
SHA-256: 75804850247d8621cfd64153127c2aa6fef18b9cfa8965eff4078020eb2757ce
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

The PDF was classified as malicious by the ML classifier and by ClamAV, consistent with a phishing lure or trojan delivery document. Its only observed active content is a URI action pointing to https://jacksth.ru/wix?keyword=schwinn+170+operating+manual, a keyword-stuffed URL that is most likely a redirect to a malicious site. The document body, although heavily obfuscated, appears to be an operating-manual page, which supports the phishing pretext. None of the heuristics below report embedded JavaScript, so the T1059.007 mapping is not backed by a script observed in this scan.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    The PDF contains an external URI action (/S /URI); clicking the associated link annotation opens the target in the viewer's browser.
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader therefore resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates (saved annotations, form fills), so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The w3.org, purl.org and ns.adobe.com entries below are XMP metadata namespace identifiers and http://scripts.sil.org/OFL is the SIL Open Font License URL; these are expected in document metadata and embedded-font streams and are not navigable lures.
    • https://jacksth.ru/wix?keyword=schwinn+170+operating+manual
    • https://static.s123-cdn-static.com/uploads/4479673/normal_60061d9b649ff.pdf
    • http://dusipoweg.mywebcommunity.org/tekiteris.pdf
    • https://cdn-cms.f-static.net/uploads/4379855/normal_600c56cd5ece7.pdf
    • https://cdn-cms.f-static.net/uploads/4474169/normal_5fd9622426871.pdf
    • https://cdn-cms.f-static.net/uploads/4420911/normal_60163b9d77340.pdf
    • https://static.s123-cdn-static.com/uploads/4410415/normal_5fcf5bfe2a7cc.pdf
    • https://cdn-cms.f-static.net/uploads/4419832/normal_6012f8f0b7fb1.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://c1d61d78-9bae-425c-b347-ee91470fe4f1.filesusr.com/ugd/60933b_3e68ff5c220d4a45ad1fa9dc2ebf54f4.pdf?index=true
    • https://s3.amazonaws.com/nefunupu/middle_school_ela_trivia_questions.pdf
    • https://a97be2a3-bfb5-42de-bba9-b145341b31aa.filesusr.com/ugd/1f2860_b152c0bce1fd406283860364b0f9dafd.pdf?index=true
    • https://uploads.strikinglycdn.com/files/3f387116-6d47-4a96-bf8e-d7c6eba88ab4/excellent_gifts_for_mothers.pdf
    • https://uploads.strikinglycdn.com/files/475c9744-673b-4cd2-906d-57c2bed51436/75930339999.pdf
    • https://s3.amazonaws.com/jewizopukuni/xefitebegimo.pdf
    • https://uploads.strikinglycdn.com/files/9a8a2767-5cd1-44bb-bd3b-5ca7eb00d8b0/what_can_you_eat_on_a_bariatric_liquid_diet.pdf
    • http://tiluxusimutine.atwebpages.com/the_lion_and_the_mouse_book_by_jerry_pinkney.pdf
    • http://pitigapevede.onlinewebshop.net/xenasakubojafoxodaxugizi.pdf
    • https://uploads.strikinglycdn.com/files/9fa23718-9517-4cc9-bfd1-b10e56a9e7a4/plt_legend_pairing_mode.pdf
    • https://s3.amazonaws.com/ziwuvijevo/6th_grade_reading_comprehension_worksheets_online.pdf
    • https://uploads.strikinglycdn.com/files/2a480d98-2c1f-44a8-a9bb-1cd49f93de9b/is_it_cheaper_to_build_your_own_3d_printer.pdf
    • https://s3.amazonaws.com/vedexajawo/psycho_robert_bloch_amazon.pdf
    • https://66f9544f-8325-470d-a543-c07714603334.filesusr.com/ugd/4b2642_7a1663edfa284462b47ec77d0fbe739f.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
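As an added worked example (not part of this report and not the scanner's own code), the following Python script demonstrates the two PDF-structure checks above, PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: it scans a PDF's raw bytes for indirect objects defined more than once, flags duplicates whose bodies differ and carry active content, and shows which URI a first-wins versus a last-wins reader would follow. The sample PDF, its object numbers, the ACTIVE_KEYS list and the example.org/example.net URLs are constructed for the illustration and are unrelated to the analysed file.

```python
import re

# Constructed sample, not the analysed file: a one-page PDF whose link
# annotation (object 5 gen 0) is redefined by an appended incremental update.
# Cross-reference tables are omitted because the scanner below is a byte-level
# pass and does not depend on them.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [5 0 R] >>
endobj
5 0 obj
<< /Type /Annot /Subtype /Link /Rect [72 700 300 720]
   /A << /S /URI /URI (https://example.org/manual.pdf) >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
5 0 obj
<< /Type /Annot /Subtype /Link /Rect [72 700 300 720]
   /A << /S /URI /URI (https://example.net/wix?keyword=manual) >> >>
endobj
trailer
<< /Root 1 0 R /Prev 0 >>
%%EOF
"""

# "N G obj ... endobj" in file order; non-greedy so each object ends at its own endobj.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# Literal-string form of a URI action target: /URI (....) with PDF escapes allowed.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# Dictionary keys whose presence makes a redefined object "active content" (assumed list).
ACTIVE_KEYS = (b"/URI", b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction",
               b"/AA", b"/SubmitForm", b"/GoToR", b"/EmbeddedFile")


def parse_objects(data):
    """Return {(num, gen): [body, ...]} with every definition kept, in file order."""
    objects = {}
    for num, gen, body in OBJ_RE.findall(data):
        objects.setdefault((int(num), int(gen)), []).append(body.strip())
    return objects


def find_duplicates(data):
    """Objects defined more than once; severity rises only if bodies differ AND are active."""
    findings = []
    for key, bodies in parse_objects(data).items():
        if len(bodies) < 2:
            continue
        differs = len(set(bodies)) > 1
        active = any(k in b for b in bodies for k in ACTIVE_KEYS)
        findings.append({"obj": key, "copies": len(bodies),
                         "differs": differs, "active": active,
                         "severity": "high" if differs and active else "info"})
    return findings


def resolve(data, policy):
    """Body a first-wins or last-wins reader would use for each object."""
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    return {key: (bodies[0] if policy == "first" else bodies[-1])
            for key, bodies in parse_objects(data).items()}


def extract_uris(body):
    """URI action targets inside one object body (literal-string form only)."""
    out = []
    for raw in URI_RE.findall(body):
        # Undo the PDF literal-string escapes that matter for URLs: \( \) \\
        unescaped = re.sub(rb"\\([()\\])", rb"\1", raw)
        out.append(unescaped.decode("latin-1"))
    return out


def uri_views(data):
    """Per object, the URI(s) each parser policy ends up following."""
    views = {}
    for policy in ("first", "last"):
        for key, body in resolve(data, policy).items():
            for uri in extract_uris(body):
                views.setdefault(key, {}).setdefault(policy, []).append(uri)
    return views


if __name__ == "__main__":
    for finding in find_duplicates(SAMPLE_PDF):
        print(finding)
    for key, view in uri_views(SAMPLE_PDF).items():
        print(key, view)
```

To run it against a real sample, replace SAMPLE_PDF with the file's bytes. The scan is regex-based rather than a full PDF parser: objects packed into compressed object streams are not seen, and a conforming reader follows the cross-reference table rather than byte order, so treat "first" and "last" as the two extremes a lenient parser may land on, not as a verdict on any particular viewer.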

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00010e61.bin
  SHA-256: 2e4c2a56b6507717662b6a428f3bc665edf2d9c054675b9ceda18e59cc8c1229
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x10E61
  Size: 5640 bytes

Filename: font_01_sfnt_off00012186.bin
  SHA-256: 4b3dfa674ce88ad2ced8a3a0015f7026d9409b15542a01f8216729bcf8b2c4b0
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x12186
  Size: 11512 bytes