Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://drafthe.ru/pbw?utm_term=3+nm+to+inch+pounds

  • https://static.s123-cdn-static.com/uploads/4486353/normal_600954164d09d.pdf
  • https://cdn-cms.f-static.net/uploads/4480414/normal_60599fcec50f4.pdf
  • https://cdn-cms.f-static.net/uploads/4494436/normal_604f956f98e03.pdf
  • https://cdn-cms.f-static.net/uploads/4424361/normal_60ba93ab65744.pdf
  • https://cdn-cms.f-static.net/uploads/4454301/normal_6046ef222c745.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://wirajudukim.pbworks.com/f/nedemiforopuxe.pdf
  • https://uploads.strikinglycdn.com/files/d81c5da4-c05b-49a5-9bd6-4eb2fe625746/washing_machine_repair_service_near_you.pdf
  • https://uploads.strikinglycdn.com/files/056f3d49-fc5a-4b99-865a-18427484cc46/kugonegoji.pdf
  • https://uploads.strikinglycdn.com/files/2d6c14ee-eb5b-4cdc-942f-bd5c368197c2/77469387519.pdf
  • http://pexovobef.pbworks.com/f/94673919711.pdf
  • http://wiliser.pbworks.com/w/file/fetch/144557346/zeluzekotaseluzilum.pdf
  • http://rugewenuzed.pbworks.com/f/bexetujepewunebanaxix.pdf
  • https://uploads.strikinglycdn.com/files/7885f684-b51d-45c9-aa91-4f49619eb3d8/15112437137.pdf
  • https://uploads.strikinglycdn.com/files/9f60b12e-acec-472d-bfce-61b8e494dd77/how_many_chapters_are_in_the_count_of_monte_cristo_abridged.pdf
  • http://dokadeku.pbworks.com/w/file/fetch/144831387/tirux.pdf
  • https://uploads.strikinglycdn.com/files/c6fc0555-51a4-4f6f-8fc9-bf1a0e7a74b5/how_to_practice_krav_maga_at_home.pdf
  • http://vejivab.pbworks.com/f/54930312115.pdf
  • https://uploads.strikinglycdn.com/files/d4aeb9e2-6900-4799-ad91-dfefc0adfa3f/dragon_age_origins_leliana_romance_guide.pdf
  • https://uploads.strikinglycdn.com/files/d01aada2-2296-42a6-ace1-742e0324577a/microsoft_office_365_crack_apk.pdf
  • http://nunaruribeg.pbworks.com/w/file/fetch/144416148/cash_flow_diagram_template_excel.pdf
  • https://uploads.strikinglycdn.com/files/475faa66-d27a-4dd1-b0a8-a90b96d17e5e/govinda_hari_govinda_venkataramana_govinda_ringtone_download.pdf
  • https://uploads.strikinglycdn.com/files/ca16c669-9df8-4bd2-99d5-48de34c1b23b/52958412628.pdf
  • https://uploads.strikinglycdn.com/files/63fef17d-eb7f-4644-a290-4c398082e7c1/resodoto.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.