Malicious PDF — malware analysis report

Static analysis result for SHA-256 7f372d4261560bc9…

Verdict: MALICIOUS
File type: PDF

Size: 80.4 KB
Created: 2021-03-24 20:18:18 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 6ec861bea5ade5b6b56400c844603402
SHA-1: 35153dcdafa66c092d2467ef960f6a75891e43bd
SHA-256: 7f372d4261560bc9753c7dcd1a7477b79c00f2f59a8093057eb88bc0c8c36659
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

The file is flagged as malicious by the ML classifier and by ClamAV. It carries a link annotation whose /URI action points to 'https://nipisod.ru/wix?keyword=space+hulk+painting+guide+pdf', most likely a phishing or malware-distribution site; the keyword-stuffed query string is the pattern of a search-engine-optimised document lure, and the other .pdf URLs extracted from the file follow the same keyword-named naming scheme. The PDF structure (an incremental update that redefines an existing object) and the embedded content suggest an attempt to disguise the active link inside an otherwise ordinary converted-HTML document.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9950

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV signature match; the file is detected as malware under the signature named above.
  • External URI info PDF_URI
    The PDF contains an action that opens an external URL (a /URI action, typically attached to a link annotation).
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content for that object, a parser-confusion shape used by targeted PDFs. Body-only differences are also common in benign incremental updates (a saved edit appends a new definition rather than rewriting the file), so severity is raised only when the duplicate carries active content such as a /URI, /JS or /Launch action.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Note that the w3.org, purl.org and ns.adobe.com entries below are XMP metadata namespace identifiers, and the scripts.sil.org/OFL, ascendercorp.com and daltonmaag.com entries are font-licence and font-foundry URLs (most likely from the embedded fonts' name tables); none of these are links the document opens.
    • https://nipisod.ru/wix?keyword=space+hulk+painting+guide+pdf
    • http://dwatches.site/pcb_light_ballast_disposal1hixp.pdf
    • https://cdn.sqhk.co/banijuwa/fjiCfYF/corcraft_stock_symbol.pdf
    • https://cdn.sqhk.co/zowesifona/ie9hiK1/19766178252.pdf
    • https://cdn.sqhk.co/fomezawelud/mNjgian/espn_mlb_news_wire.pdf
    • https://cdn.sqhk.co/rokabumake/02bnjjF/bijazotat.pdf
    • http://strongcreditscore.info/36869398850izgfz.pdf
    • http://testersairf.xyz/apprendre_le_japonaismcfxu.pdf
    • http://legendarycraft.ru/65655086438jweye.pdf
    • http://vir-tus.com/detroit_red_wings_charter_planeu2mxf.pdf
    • https://cdn.sqhk.co/poturofivat/ieUgchj/anime_rise_apk_atualizado_2019.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://www.daltonmaag.com/
    • https://uploads.strikinglycdn.com/files/07226940-347a-48e8-be31-6b12c5b6d0e3/medieval_indian_history_documentary_in_hindi.pdf
    • https://uploads.strikinglycdn.com/files/a2fb700c-b075-486f-b46e-56aacbe6c61a/sosateguwukapaz.pdf
    • https://uploads.strikinglycdn.com/files/4b75b9d3-a488-43ea-bc92-036928085a25/harry_potter_and_the_order_of_the_phoenix_teaser_trailer.pdf
    • https://uploads.strikinglycdn.com/files/6a1003f9-b37d-4507-9f59-dae16dc50e0a/26917157122.pdf
    • https://uploads.strikinglycdn.com/files/886f7fae-c235-4bde-ab01-efef71079054/jcpenney_sewing_machine_model_7050_parts.pdf
    • https://uploads.strikinglycdn.com/files/c6d9ac55-0c16-433d-8f44-00f041fbc14b/popaxegopopofadibeli.pdf
    • https://uploads.strikinglycdn.com/files/77195319-b0fe-4728-9609-cbc86d7d5765/99603327542.pdf
    • https://uploads.strikinglycdn.com/files/95a7926c-f861-4ea2-9858-fc250dbc378a/58164503601.pdf
    • https://uploads.strikinglycdn.com/files/817c99b4-c6ba-4bfe-8967-db55d21b24d4/fefatojukafa.pdf
    • https://uploads.strikinglycdn.com/files/ded214f0-aaf0-465c-a092-f07070e8cb29/majupepobojuvubigiv.pdf
    • https://uploads.strikinglycdn.com/files/264f00fa-087b-4fd1-803f-fd6ff98316bb/pibikujabadofumozezov.pdf
    • https://uploads.strikinglycdn.com/files/0b93b4e4-7b23-4e13-b71d-52700937ae7e/brinkmann_grill_cover_lowes.pdf
    • https://uploads.strikinglycdn.com/files/884f804e-dfdd-4f07-8991-5c6ff041399a/mothers_day_inspirational_quotes_in_hindi.pdf
    • https://uploads.strikinglycdn.com/files/2e824ed0-7247-4410-a9b4-296905ef53d3/what_instrument_is_used_to_measure_relative_humidity_and_dew_point.pdf
    • https://uploads.strikinglycdn.com/files/9786088b-265b-45e3-acca-5c4525b00ba3/77306616052.pdf
    • https://uploads.strikinglycdn.com/files/2e54d792-2a5d-42d9-bfbb-86b3c115b1c1/70315325860.pdf
    • https://uploads.strikinglycdn.com/files/e31498af-941a-41ff-9eed-5e3d680774ab/how_to_get_a_real_estate_agent_license_in_illinois.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
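The two structural heuristics above, PDF_URI / EMBEDDED_URL and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, are easy to reproduce by hand when triaging a sample like this one. The script below is an added example and is not the analysis platform's own code: it scans raw PDF bytes for /URI actions and for indirect objects defined more than once with different bodies, returns both the first-wins and last-wins body so you can see what each parser family would render, and raises severity only when a duplicate carries active content, as the heuristic description states. The two-revision PDF embedded in it is constructed for the example, and the domain lure.invalid in it is a placeholder, not the URL from this sample.

```python
"""Triage helpers for two PDF heuristics: /URI actions and duplicate
indirect-object definitions (first-wins vs last-wins parser confusion).

Added example; works on raw bytes with regular expressions, so it only sees
objects that are not packed into object streams or compressed.
"""
import re
from collections import defaultdict

# "N G obj <body> endobj". DOTALL lets the body span lines; the non-greedy
# body stops at the first endobj so consecutive objects are not merged.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
# /URI (string) with the PDF escapes \( \) \\ allowed inside the literal.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Keys whose presence makes a duplicate definition "active content".
ACTIVE_KEYS = (b"/URI", b"/JS", b"/JavaScript", b"/Launch", b"/OpenAction",
               b"/AA", b"/SubmitForm", b"/GoToR", b"/EmbeddedFile")


def parse_objects(data):
    """Map (object number, generation) -> list of bodies, in file order."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        objs[(int(m.group(1)), int(m.group(2)))].append(m.group(3).strip())
    return objs


def duplicate_objects(data):
    """Objects defined more than once with differing bodies.

    Each finding carries the first-wins and last-wins bodies and a severity:
    'high' if any body holds active content, otherwise 'info' (body-only
    differences are normal in benign incremental updates).
    """
    findings = []
    for (num, gen), bodies in parse_objects(data).items():
        if len(bodies) < 2 or len(set(bodies)) < 2:
            continue
        active = any(key in body for body in bodies for key in ACTIVE_KEYS)
        findings.append({
            "object": f"{num} {gen}",
            "definitions": len(bodies),
            "first_wins": bodies[0],
            "last_wins": bodies[-1],
            "active_content": active,
            "severity": "high" if active else "info",
        })
    return findings


def extract_uris(data):
    """Return every /URI target as text, undoing the common string escapes."""
    uris = []
    for m in URI_RE.finditer(data):
        raw = m.group(1)
        for esc, plain in ((b"\\(", b"("), (b"\\)", b")"), (b"\\\\", b"\\")):
            raw = raw.replace(esc, plain)
        uris.append(raw.decode("latin-1"))
    return uris


# Constructed two-revision PDF (not the analysed sample). The base revision
# links annotation 5 0 to example.com; the appended incremental update
# redefines 5 0 with a different /URI (lure.invalid is a placeholder).
# Object 4 0 is also redefined, but only its /Producer string changes.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [5 0 R] >>
endobj
4 0 obj
<< /Producer (wkhtmltopdf 0.12.5) >>
endobj
5 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.com/guide.pdf) >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
4 0 obj
<< /Producer (wkhtmltopdf 0.12.6) >>
endobj
5 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://lure.invalid/wix?keyword=guide) >> >>
endobj
trailer
<< /Root 1 0 R /Prev 0 >>
%%EOF
"""

if __name__ == "__main__":
    for f in duplicate_objects(SAMPLE_PDF):
        print(f"{f['object']} obj defined {f['definitions']}x, severity {f['severity']}")
        print("  first-wins:", f["first_wins"].decode("latin-1"))
        print("  last-wins: ", f["last_wins"].decode("latin-1"))
    print("URIs:", extract_uris(SAMPLE_PDF))
```

Because it works on raw bytes, objects packed into object streams (/Type /ObjStm) or inside FlateDecode streams are invisible to it; inflate them first (for example with qpdf --qdf or Didier Stevens' pdf-parser.py) before trusting a negative result. On the constructed sample, object 4 0 is reported at severity info (a benign producer-string change) while object 5 0 is reported high, because its second definition carries a /URI action that a last-wins viewer will follow instead of the original link.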

Extracted artifacts (3)

Files carved from inside the sample during analysis. Embedded sfnt fonts are expected output of an HTML-to-PDF converter such as wkhtmltopdf; their hashes are listed so they can be matched against known font files rather than treated as payloads.

Filename | Kind | Source | Size | SHA-256
font_00_sfnt_off0000ecfe.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xECFE | 5080 bytes | b090bb6e95000a8cbf29fbedbb066afd224e5ce1cce61f7266f5a83bbab8f164
font_01_sfnt_off0000fe38.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFE38 | 11080 bytes | cac69dfcc9557cd8f17960f52932b8cdea9b314a4ec1522919003cc26e659c1d
font_02_sfnt_off000123f9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x123F9 | 4324 bytes | b50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c