Malicious PDF — malware analysis report

Static analysis result for SHA-256 803ecb55d6f81759…

Verdict: MALICIOUS

File type: PDF

Size: 81.4 KB
Created: 2021-04-07 01:13:35 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 7a1fec308af18d57e27056fd8a9642ca
SHA-1: d92734ff22d335beb0b80655c548d077696a9a10
SHA-256: 803ecb55d6f8175961f3e6bdcdc2113aa02996442fd17919850058c987277afc
Risk score: 96

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript

The file is a PDF document, rendered from HTML with wkhtmltopdf, that carries an external URL action and a large set of embedded links to suspicious domains (free-hosting subdomains and object-storage paths that serve further .pdf files). The ML classifier (score 0.9996) and the ClamAV signature both indicate a phishing trojan. The embedded URLs are most likely used to redirect the user to a phishing page or to fetch a secondary payload. Because one indirect object is defined twice with different bodies, the link target should be resolved both first-wins and last-wins when reproducing what a given reader would follow.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content (a URI, JavaScript or launch action).
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Of the entries below, the w3.org, purl.org and ns.adobe.com URIs are XMP metadata namespace identifiers, and the ascendercorp.com, daltonmaag.com and scripts.sil.org/OFL entries are font-vendor and licence URLs of the kind carried in the name tables of embedded fonts; neither group is a link target. The remaining entries are the link targets of interest.
    • https://nipisod.ru/award?keyword=trumpet+music+book+pdf
    • http://tezatigobupuvu.22web.org/sol_b._com_syllabus_2017.pdf
    • https://cdn.sqhk.co/felolavap/jAEjhig/samsung_galaxy_s9_stock_ringtones_download.pdf
    • http://sujabupinoda.scienceontheweb.net/gaxefejizebaxotikovida.pdf
    • http://bezerojiw.scienceontheweb.net/bright_futures_handbook.pdf
    • http://xuvivok.22web.org/46049872078.pdf
    • http://pejofewetoz.22web.org/mulagulevib.pdf
    • https://cdn.sqhk.co/kivipemo/CsqibHb/duzibadufefubonatamarukez.pdf
    • https://cdn.sqhk.co/lupokuna/4Rghlje/48153580772.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://www.daltonmaag.com/
    • http://xajazofi.rf.gd/atv_trailer_plans.pdf
    • https://uploads.strikinglycdn.com/files/d9670dd7-452e-480d-88f6-30455daf4c10/braums_chipotle_breakfast_burrito.pdf
    • https://s3.amazonaws.com/farefasejikap/whats_your_sign_based_on_your_birthday.pdf
    • https://436010f1-0dd7-4950-aec0-3bdf337573e8.filesusr.com/ugd/5a4c69_e3ababe50ec54268a3388f8878edb339.pdf?index=true
    • https://b7d3a0ae-8059-487b-8826-088776693174.filesusr.com/ugd/8d23e4_61c7b7e7ee614b3eb7710700486582ba.pdf?index=true
    • https://uploads.strikinglycdn.com/files/a8ed6151-4305-4559-9fba-8d2248a94293/d_and_d_measurements.pdf
    • https://s3.amazonaws.com/lovetijif/ariana_grande_all_songs_free.pdf
    • http://foxinojale.epizy.com/haier_portable_air_conditioner_12000_btu_reviews.pdf
    • https://s3.amazonaws.com/warapagefasovi/39074198359.pdf
    • https://s3.amazonaws.com/tesotiwapax/keyboard_light_not_working_hp.pdf
    • https://40785fcd-1e5e-4316-9306-5db1d5795eae.filesusr.com/ugd/2f07a1_55d610ee510c4780be533385c4ff7a32.pdf?index=true
    • https://9170d309-caca-4186-8987-bf6b40ce219c.filesusr.com/ugd/baef12_ad0bb4ceb4ec48f088a569ddb29f2a8d.pdf?index=true
    • https://s3.amazonaws.com/gifiz/grapes_of_wrath_movie_questions_answers.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
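The PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL heuristics above can be reproduced with a small scanner. The following is an added example written for this page, not the analyser's own code: it walks every `N G obj ... endobj` definition in the raw bytes (deliberately ignoring the xref table, so that both the original and the incremental-update copy of an object are seen), reports object numbers defined more than once with differing bodies together with the first-wins and last-wins body, raises severity only when a differing body carries active content, and lists every literal-string `/URI` it finds. The sample PDF is constructed inline for the demonstration and is not the analysed file; its xref offsets are placeholders.

```python
"""Scan raw PDF bytes for duplicate object definitions and /URI actions."""
import re
from collections import defaultdict

# "<num> <gen> obj ... endobj" over the raw bytes. The xref table is ignored on
# purpose: the aim is to see every definition a first-wins or last-wins reader
# could pick, not only the one the latest xref points at.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# Literal-string /URI values, allowing backslash-escaped characters inside ().
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# Keys that turn a mere body difference into an active-content difference.
ACTIVE_KEYS = (b"/URI", b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction",
               b"/AA", b"/SubmitForm", b"/GoToR")

# Constructed sample (hypothetical, not the analysed file): object 5 is a link
# annotation to one host; an incremental update then redefines object 5 with
# a different /URI. A first-wins reader keeps the first, a last-wins reader the
# second.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [5 0 R] >> endobj
4 0 obj << /Length 0 >> stream
endstream
endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A << /S /URI /URI (https://example.org/doc.pdf) >> >> endobj
xref
0 6
trailer << /Size 6 /Root 1 0 R >>
startxref
9
%%EOF
5 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A << /S /URI /URI (http://example.net/update.pdf) >> >> endobj
xref
0 1
trailer << /Size 6 /Root 1 0 R /Prev 9 >>
startxref
700
%%EOF
"""


def parse_objects(data):
    """Return {(num, gen): [body, ...]} keeping every definition in file order."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        objs[(int(m.group(1)), int(m.group(2)))].append(m.group(3).strip())
    return objs


def duplicate_objects(objs):
    """Objects defined more than once with at least two distinct bodies.

    Each finding carries the first-wins and last-wins body and whether any of
    the bodies holds active content; only then is severity raised.
    """
    findings = []
    for key, bodies in objs.items():
        if len(bodies) < 2 or len(set(bodies)) < 2:
            continue  # not redefined, or redefined with identical bytes
        active = any(k in b for b in bodies for k in ACTIVE_KEYS)
        findings.append({
            "obj": key,
            "definitions": len(bodies),
            "first_wins": bodies[0],
            "last_wins": bodies[-1],
            "active_content": active,
            "severity": "high" if active else "info",
        })
    return findings


def uri_actions(objs):
    """Every literal /URI string, tagged with (object, definition index)."""
    out = []
    for key, bodies in objs.items():
        for idx, body in enumerate(bodies):
            for m in URI_RE.finditer(body):
                out.append((key, idx, m.group(1).decode("latin-1")))
    return out


if __name__ == "__main__":
    objs = parse_objects(SAMPLE_PDF)
    for f in duplicate_objects(objs):
        print("duplicate object", f["obj"], "severity", f["severity"])
        print("  first-wins:", f["first_wins"])
        print("  last-wins: ", f["last_wins"])
    for key, idx, uri in uri_actions(objs):
        print("URI in object", key, "definition", idx, "->", uri)
```

Two caveats for real samples: `/URI` values may be hex strings (`<...>`) or indirect references rather than literal strings, which this regex does not resolve, and objects inside compressed object streams (`/Type /ObjStm`) are invisible until the stream is inflated. The regex pass is a triage step; follow it with a proper parser before drawing conclusions about which body a given reader uses.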

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000efaf.bin
  SHA-256: 45e6df38992f95650f0588c43756991b56450b084882539b76c80d15b23db47c
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xEFAF
  Size: 4988 bytes

Filename: font_01_sfnt_off000100a1.bin
  SHA-256: 1466f696d9471a1e3043cdd4f61e460194ef7031bec3d58e5997c20523ea7619
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x100A1
  Size: 11704 bytes

Filename: font_02_sfnt_off000128cb.bin
  SHA-256: 1158d95dac44631f497756703988ba3645251422e7ff0015d3fca430225e7c3e
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x128CB
  Size: 4324 bytes