Malicious PDF — malware analysis report

Static analysis result for SHA-256 834a73d29bc1583a…

MALICIOUS

PDF

Size: 78.4 KB    Created: 2021-03-15 17:57:07 +02:00    Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 6d6b5cfd2b65bced96b1dd9b4c5ae93c    SHA-1: de4162041a38186c2c619d922e2041e74108a73e    SHA-256: 834a73d29bc1583a12965fe812e902c1cdd51844e9372e409fa662a9862c1917
Risk Score: 96

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.007 JavaScript

The file is flagged by the ML classifier (score 0.9991) and by a ClamAV phishing signature, so the verdict rests on two independent sources. The primary indicator is an embedded external URL dressed up as a "go math grade 5 homework answer key" lure (resalured.ru); this is a link-based phishing or credential-harvesting document, not an exploit. The producer string (wkhtmltopdf, which renders HTML to PDF) is consistent with a document generated from a lure web page. No JavaScript or other scripts were extracted, so the T1059.007 mapping is not corroborated by any carved artifact; the malicious capability is the link itself, and triage should focus on the extracted URLs rather than on exploit artifacts.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (4)

  • ClamAV detection (critical, CLAMAV_DETECTION)
    ClamAV signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 matched this file.
  • External URI action (info, PDF_URI)
    The PDF contains a /URI action that opens an external URL when the link is followed.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates (a later revision rewrites an object), so severity is raised only when the duplicate carries active content such as a URI, JavaScript or launch action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. A URL on its own is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Note that the w3.org, purl.org and ns.adobe.com entries below are standard XMP metadata namespace URIs and scripts.sil.org/OFL is the licence URL of an embedded font; these are expected in any PDF with XMP metadata and embedded fonts and carry no weight.
    • https://resalured.ru/wix?keyword=go+math+grade+5+homework+answer+key (labelled URL by the extractor; matches the homework answer key lure named in the summary)
    • https://cdn.sqhk.co/xupodafib/eheAxie/74038830046.pdf
    • http://nenamusun.iblogger.org/64314620014.pdf
    • http://sponsor.rest/bamavepipobulixosaravobewn3iwt.pdf
    • http://wivafojoki.22web.org/59509028482.pdf
    • https://cdn.sqhk.co/sirijunubi/ZjfdijT/fifa_world_cup_2018_brazil_vs_argentina.pdf
    • http://chambreapp.xyz/399889447349zoz1.pdf
    • https://cdn.sqhk.co/wetilusogaki/vZjhgdK/banana_blast_commercial.pdf
    • http://detonicinitalia.website/vagegejibazodgu7xd.pdf
    • http://csxmoney.info/roxixariduwowewurelakefamvu3u.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://9de673a2-3b8e-40eb-bbf5-c0ad8e71a3da.filesusr.com/ugd/bd5c68_e9cd2ac780e54b8aa7402fc33cee831b.pdf?index=true
    • http://vewokepewaki.epizy.com/52496688967.pdf
    • https://uploads.strikinglycdn.com/files/5ee28497-d575-4302-8a10-6f06ca35ecec/lost_at_school_book_study_questions.pdf
    • https://s3.amazonaws.com/lupebesu/11740881915.pdf
    • https://uploads.strikinglycdn.com/files/08cca530-9c40-4f2d-9bbc-8a216f8aa49a/7017479215.pdf
    • https://uploads.strikinglycdn.com/files/81192356-dbe5-4d73-9367-14f5e6f0d45d/aircraft_mechanic_salary_philippines_2020.pdf
    • https://dbba0f06-1911-40f0-8c80-a2638c7f81cc.filesusr.com/ugd/b13fd1_b19ec2f2bdaf4fb196838c3bd7767420.pdf?index=true
    • https://s3.amazonaws.com/sirilagewuga/71937970938.pdf
    • https://52a72965-a6d2-471e-b66a-59a59a4d663b.filesusr.com/ugd/e643da_4bb12089abc64cd9989d9057a581df37.pdf?index=true
    • https://uploads.strikinglycdn.com/files/c898dd1d-5686-4af6-9ee3-a3c818271364/neverending_story_song_lyrics_stranger_things.pdf
    • https://uploads.strikinglycdn.com/files/7c774659-5d64-41a1-a642-8924f104b37a/real_book_jazz.pdf
    • http://ninonasoligu.rf.gd/83574364232.pdf
    • https://4c6480a9-ccec-4c20-853c-cc48681c44ad.filesusr.com/ugd/935adc_cdc18fa5625d4afda7c833b3b00530c4.pdf?index=true
    • https://e1fa5f42-99e8-4965-91ac-c1ed21ee8b7e.filesusr.com/ugd/f34823_b52814ef62554d0c9ff1a8266df12607.pdf?index=true
    • http://guvamimifufirar.rf.gd/ansible_rpm_for_linux.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
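The two structural heuristics above (PDF_URI / EMBEDDED_URL and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) can be reproduced with a byte-level scan of the file. The following is an added example written for this page, not the analysis platform's code. SAMPLE_PDF is a constructed document (no xref table, placeholder domains) in which an incremental update redefines a link annotation so that a first-wins reader sees a harmless target while a last-wins reader sees the lure URL; the function and key names are the example's own.

```python
"""
Byte-level triage for two PDF heuristic shapes: URI actions / embedded URLs,
and an indirect object (N G) defined twice with different bodies.
Added example; SAMPLE_PDF is constructed for the demo and omits the xref table,
which a real reader needs but a raw byte scan does not.
"""
import re
from collections import defaultdict

# "N G obj <body> endobj"; non-greedy so each body ends at the nearest endobj.
# A literal "endobj" inside a stream would truncate that body; acceptable for triage.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
# /URI target written as a literal string; hex-string targets <...> are not handled here.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
ANY_URL_RE = re.compile(rb"https?://[^\s<>()\"']+")
# Keys whose presence turns a body-only duplicate from "info" into "high".
ACTIVE_KEYS = (b"/URI", b"/JS", b"/JavaScript", b"/Launch", b"/OpenAction", b"/AA")

# Constructed sample: objects 4 and 5 are redefined in an incremental update.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [5 0 R] >>
endobj
4 0 obj
<< /Title (Homework answer key) >>
endobj
5 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.com/answer-key.pdf) >> >>
endobj
6 0 obj
<< /Type /Metadata /Subtype /XML /Length 41 >>
stream
<x xmlns="http://ns.adobe.com/xap/1.0/"/>
endstream
endobj
trailer
<< /Root 1 0 R >>
%%EOF
4 0 obj
<< /Title (Homework answer key - updated) >>
endobj
5 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://lure.invalid/wix?keyword=answer+key) >> >>
endobj
trailer
<< /Root 1 0 R /Prev 0 >>
%%EOF
"""


def parse_objects(data: bytes) -> dict:
    """Map (num, gen) -> list of body bytes in file order, keeping every redefinition."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        objs[(int(m.group(1)), int(m.group(2)))].append(m.group(3).strip())
    return dict(objs)


def find_duplicate_objects(data: bytes) -> list:
    """Objects defined more than once with differing bytes. The first body is what a
    first-wins reader resolves, the last body what a last-wins (incremental-update)
    reader resolves. Identical redefinitions are ignored as benign rewrites."""
    findings = []
    for key, bodies in parse_objects(data).items():
        if len(bodies) < 2 or len(set(bodies)) < 2:
            continue
        active = any(k in b for b in bodies for k in ACTIVE_KEYS)
        findings.append({
            "object": key,
            "definitions": len(bodies),
            "first_wins": bodies[0].decode("latin-1"),
            "last_wins": bodies[-1].decode("latin-1"),
            "severity": "high" if active else "info",
        })
    return findings


def extract_uris(data: bytes) -> dict:
    """URI action targets, plus every other http(s) URL in the raw bytes (metadata
    namespaces, font licence links, ...), which are context rather than detections."""
    actions = [m.group(1) for m in URI_RE.finditer(data)]
    others = sorted({u for u in ANY_URL_RE.findall(data) if u not in actions})
    return {
        "uri_actions": [a.decode("latin-1") for a in actions],
        "other_urls": [u.decode("latin-1") for u in others],
    }


if __name__ == "__main__":
    for f in find_duplicate_objects(SAMPLE_PDF):
        print(f"{f['object']} defined x{f['definitions']} [{f['severity']}]")
        print("  first-wins:", f["first_wins"])
        print("  last-wins: ", f["last_wins"])
    print(extract_uris(SAMPLE_PDF))
```

Run against the sample, object 4 is reported at info severity (a title changed, no active content) while object 5 is reported high because both definitions carry a /URI action and the two readers resolve different link targets. The XMP namespace URL is returned under other_urls, separate from the action targets, which is the distinction the EMBEDDED_URL labels above are making.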

Extracted artifacts (2)

Files carved from inside the sample during analysis. Both are embedded sfnt (TrueType/OpenType container) font streams, consistent with the SIL OFL licence URL in the metadata; no script, executable or secondary document was carved.

Filename: font_00_sfnt_off0000f373.bin
  SHA-256: 6e02bd57dbd3f79e911876ac1b98d5c9f9a4861b482412fc1147ef86ba8ef0a1
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xF373
  Size: 5620 bytes

Filename: font_01_sfnt_off00010687.bin
  SHA-256: 69c939de9915274c8c12481e5704a3e8ec2dea3e22766c443b1b7690a91566d1
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x10687
  Size: 11092 bytes