Malicious PDF — malware analysis report

Static analysis result for SHA-256 79f9d972f69236f8…

Verdict: MALICIOUS
File type: PDF

Size: 69.0 KB
Created: 2021-05-18 00:58:39 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c67bdfd6e1dad0008e1d2d3ab1791212
SHA-1: d4c6916524b9040644977f11b58b3c3e874ec84d
SHA-256: 79f9d972f69236f8b1c2d404a5eacb6b3e503409c10eb552631051856864616d
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URL that appears to be a lure for downloading MP3s, but the URL itself is suspicious and associated with malicious activity. The document body, though heavily obfuscated, contains references to the suspicious URL and potentially misleading content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://nipisod.ru/strik?utm_term=afghan+jalebi+mp3+song+download+wapking

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                     Size
font_00_sfnt_off0000ce7f.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xCE7F  5884 bytes
    SHA-256: 8db7031454e59acd91664fc6d7a9c00a9931f473e9627f3fa27e0bfb7b648d43
font_01_sfnt_off0000e27e.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xE27E  10644 bytes
    SHA-256: 56eeb400334b1ff9f3af0175c688583559f62ce438d84d5dcbeee3c3f025a640