Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://laborke.ru/uplcv?utm_term=catholic+devotional+prayer+book+pdf

  • http://endustriyelkiralama.com/wp-content/plugins/super-forms/uploads/php/files/vdc6g938123g3g84mi9nmg606d/25108829654.pdf
  • https://amirep.com/wp-content/plugins/super-forms/uploads/php/files/0ea1ac2e604b3f85c00bcd5d813d0fb0/67983937008.pdf
  • http://yuha.be/_files/file/disefosaxasuzozezalesene.pdf
  • https://www.carlosfunes.es/wp-content/plugins/formcraft/file-upload/server/content/files/160a578e00779d---99082681687.pdf
  • http://bagandpack.ru/wp-content/plugins/super-forms/uploads/php/files/5ba266ed351a018d31b55c504c08ec84/powuza.pdf
  • https://almondzwealth.com/administrator/imagetemp/file/kobefojafog.pdf
  • http://lycee-elm.org/userfiles/file/woruzimepok.pdf
  • https://www.actionconstructionjax.com/wp-content/plugins/super-forms/uploads/php/files/0c314d158859b725ca8008229346aa2c/58977576187.pdf
  • https://pankalconstructora.com/wp-content/plugins/formcraft/file-upload/server/content/files/1609b1f3d5bc7d---xomemun.pdf
  • https://www.fifatravels.com/wp-content/plugins/formcraft/file-upload/server/content/files/16093357b4bfa6---59550696134.pdf
  • https://123kozijnofferte.nl/wp-content/plugins/super-forms/uploads/php/files/tjktdarj0018c9svdld4mn6qc6/burivopam.pdf
  • http://anhuizhkj.com/upload_fck/file/2021-5-8/20210508055110622342.pdf
  • http://chixue.com/uploadfile/file/20210522045733.pdf
  • http://www.1000ena.com/wp-content/plugins/formcraft/file-upload/server/content/files/1609be1b7c6e62---3921016099.pdf
  • https://ohligschlaeger-berger.de/wp-content/plugins/formcraft/file-upload/server/content/files/1609df209c0a12---482609497.pdf
  • https://pinotcar.com/wp-content/plugins/super-forms/uploads/php/files/08adb672c44be698fb9384e614459882/nijifaruwimarigafol.pdf
  • https://pilotcenter.gr/wp-content/plugins/super-forms/uploads/php/files/vhcmnbvenkcaobs25j9gbq61sp/kedelubafi.pdf
  • http://www.alex-vasilkov.ru/images/wisdom/file/26727629655.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.