Malicious PDF — malware analysis report

Static analysis result for SHA-256 840ca5c9cefea102…

Verdict: MALICIOUS

File type: PDF

Size: 89.2 KB
Created: 2021-04-07 05:31:23 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-22

MD5: 7f5952e892a8661631f684a174f34b45
SHA-1: 9287dd3eb7a4be5425888e6b4035b5150696c44d
SHA-256: 840ca5c9cefea1027cd308d9f596e9aa748a659d06a45b7db3077ea5e9d52796

Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

This PDF document was flagged as malicious by a ClamAV signature and by the Nyx PDF classifier. The file carries a link annotation and body text pointing at external URLs that direct the reader to attacker-controlled resources. The specific URLs, hashes and carved artifacts for this sample are listed in the sections below.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware with signature Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0.
  • External URI [info] PDF_URI
    The PDF contains an external URL action (a /URI action reachable from a link annotation).
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, a parser-confusion shape used by targeted PDFs to show one thing to a scanner and another to the viewer. Body-only differences are also common in benign incremental updates, so severity is raised only when the duplicate carries active content (JavaScript, launch, URI or form-submit actions).
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL channel label (macro, JS, link annotation, document body, ...) records which part of the file reached each URL and is what separates the lure from inert strings.
    PDF link annotation:
    • https://mezovuduw.ru/123?utm_term=giant+defy+2+2015+size+guide
    In PDF document text:
    • https://fupotepalakeb.weebly.com/uploads/1/3/5/3/135351483/vovanob_neguwuba_bevezapiwi_xabewavabim.pdf
    • http://souve.me/wd_my_cloud_wdbctl0020hwt-10kasop.pdf
    • https://wobomiti.weebly.com/uploads/1/3/4/5/134501920/9629375.pdf
    • https://cdn.sqhk.co/buwowunuras/hhiesYt/mafia_city_of_lost_heaven_soundtrack_download.pdf
    • https://cdn.sqhk.co/razonavari/qjehijb/95257524549.pdf
    • http://promooffer.site/jinutodegozb5la0.pdf
    • https://cdn.sqhk.co/gimovitax/iMjdA75/evaluating_algebraic_expressions_quiz.pdf
    • https://gebonevoduxap.weebly.com/uploads/1/3/1/6/131606392/fofupim.pdf
    • http://prodson.fun/telinomokarubj2g9w.pdf
    • https://cdn.sqhk.co/sidogorego/if33cDY/talking_cat_video_song.pdf
    • https://cdn.sqhk.co/vasibejovej/gehhZ8y/street_fighter_iv_champion_edition_apk_download.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/3df92004-e118-4475-a50a-7c73faa11409/walmart_pack_n_play_with_changing_table.pdf
    • https://s3.amazonaws.com/zafaronivaj/pumaxotogu.pdf
    • https://4253c66a-660d-4c83-b31d-f715833d547b.filesusr.com/ugd/d9e9a0_8d1b5a86197344d29a936cb6d59d8a85.pdf?index=true
    • https://s3.amazonaws.com/jowutoneranemuk/tiluwaresepanodugumajatu.pdf
    • https://s3.amazonaws.com/jifedefujodu/38560810626.pdf
    • https://uploads.strikinglycdn.com/files/73e900ab-2c6e-4c2d-b6a1-818e9d14b0a4/boxagi.pdf
    • https://s3.amazonaws.com/fidobakipivogit/xefekeke.pdf
    • https://39472683-7d43-4bc3-882b-0947a83fd973.filesusr.com/ugd/544c7e_5b3ceea1cf3343acb170e993fe3a89ae.pdf?index=true
    • https://aa3bb5c3-2bd4-4791-9e2a-6e31d5009b04.filesusr.com/ugd/60e703_321b28151856439785537fef7e88d7b3.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    • http://dejavu.sourceforge.net
    • http://dejavu.sourceforge.net/wiki/index.php/License
    Note that the w3.org, purl.org and ns.adobe.com entries are XMP metadata namespace identifiers, and the scripts.sil.org, dejavu.sourceforge.net and ascendercorp.com entries are licence and designer strings from the embedded fonts; they are routine in wkhtmltopdf output and are not navigation targets. Only the link-annotation URL and the .pdf download URLs in the page text are candidate indicators.
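The two heuristics above (a duplicated object number with differing bodies, and URL extraction labelled by the channel that reached each URL) can be reproduced in a few dozen lines. The following is an added example written for this page, not code from the analysis platform: it regex-scans the raw file for `N G obj ... endobj` definitions, keeps every definition of a duplicated object, follows /Link annotations to their /URI actions through all definitions of the target, and inflates FlateDecode content streams to find URLs in page text. The sample PDF, its object numbers and its example.invalid URLs are constructed for the demonstration and are not taken from the analysed file.

```python
import re
import zlib

# Constructed sample (not bytes from the analysed file). Object "4 0" is defined
# twice with different bodies: first as a harmless /GoTo action, then, appended
# the way an incremental update would be, as a /URI action. Object 5 0 is the
# /Link annotation that references 4 0 R; object 6 0 is a FlateDecode'd content
# stream with a URL in the page text. All URLs are placeholders.
TEXT_STREAM = zlib.compress(b"BT /F1 12 Tf (See http://example.invalid/in-text now) Tj ET")
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    + b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    + b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    + b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 6 0 R /Annots [5 0 R] >> endobj\n"
    + b"4 0 obj << /Type /Action /S /GoTo /D [3 0 R /Fit] >> endobj\n"
    + b"5 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A 4 0 R >> endobj\n"
    + b"6 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(TEXT_STREAM)
    + TEXT_STREAM + b"\nendstream\nendobj\n"
    + b"4 0 obj << /Type /Action /S /URI /URI (https://example.invalid/lure) >> endobj\n"
    + b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

OBJ_RE = re.compile(rb"(?<![\d.])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
LINK_RE = re.compile(rb"/Subtype\s*/Link\b")
LINK_REF_RE = re.compile(rb"/A\s+(\d+)\s+(\d+)\s+R\b")
URI_VALUE_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
URL_RE = re.compile(rb"https?://[^\s<>()\[\]\"']+")
# Names whose presence in a duplicated body raises severity (substring match, triage grade).
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/URI", b"/SubmitForm", b"/OpenAction", b"/AA")


def parse_objects(data):
    """Map (num, gen) -> list of body bytes in file order; duplicates are kept, not collapsed."""
    objs = {}
    for m in OBJ_RE.finditer(data):
        objs.setdefault((int(m.group(1)), int(m.group(2))), []).append(m.group(3))
    return objs


def duplicate_object_bodies(objs):
    """Objects defined more than once with differing bodies. A first-wins reader resolves the
    first body and a last-wins reader the last; severity is raised only when a definition
    carries active content, as the PDF_DUPLICATE_OBJ_BODY_INCREMENTAL heuristic describes."""
    hits = []
    for key, bodies in objs.items():
        if len(bodies) > 1 and len(set(bodies)) > 1:
            active = sorted({k.decode() for b in bodies for k in ACTIVE_KEYS if k in b})
            hits.append({"obj": key, "definitions": len(bodies), "active": active,
                         "severity": "high" if active else "info"})
    return hits


def stream_data(body):
    """Decoded data of a stream object, or None. Uses a direct integer /Length only (an
    indirect "N G R" length is not resolved); inflates FlateDecode and returns None for
    streams that do not inflate rather than crashing on a deliberately corrupt one."""
    start = re.search(rb"stream\r?\n", body)
    length = re.search(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)", body)
    if not start or not length:
        return None
    raw = body[start.end(): start.end() + int(length.group(1))]
    if b"/FlateDecode" not in body:
        return raw
    try:
        return zlib.decompress(raw)
    except zlib.error:
        return None


def uri_action_urls(body):
    """URLs of a /URI action dictionary (empty for any other action type)."""
    if not re.search(rb"/S\s*/URI\b", body):
        return []
    return [m.group(1) for m in URI_VALUE_RE.finditer(body)]


def extract_urls(data):
    """Map url -> sorted channels that reached it: 'link annotation' for /URI actions reached
    from a /Link annotation (every definition of a duplicated target object is followed),
    'document text' for URLs inside decoded content streams."""
    objs = parse_objects(data)
    found = {}
    for bodies in objs.values():
        for body in bodies:
            for m in URL_RE.finditer(stream_data(body) or b""):
                found.setdefault(m.group(0).decode("latin-1"), set()).add("document text")
            if not LINK_RE.search(body):
                continue
            targets = [body]  # an inline /A << /S /URI ... >> lives in the annotation itself
            for ref in LINK_REF_RE.finditer(body):
                targets += objs.get((int(ref.group(1)), int(ref.group(2))), [])
            for t in targets:
                for url in uri_action_urls(t):
                    found.setdefault(url.decode("latin-1"), set()).add("link annotation")
    return {url: sorted(ch) for url, ch in found.items()}
```

On the sample, `duplicate_object_bodies(parse_objects(SAMPLE_PDF))` reports object (4, 0) defined twice with `/URI` as active content, so severity is raised, and `extract_urls(SAMPLE_PDF)` labels the lure as reached from a link annotation while the in-text URL is labelled document text. Two caveats for real files: this is a triage shape, not a conforming parser (no xref walk, no /ObjStm object streams, no indirect /Length), and it reports every definition of a duplicated object precisely because which one a given reader honours is the point of the heuristic.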

Extracted artifacts (4)

Files carved from inside the sample during analysis.

Filename                       Kind             Source                                  Size
font_00_sfnt_off0000fce1.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0xFCE1    5580 bytes
  SHA-256: 945f6950644435f4f0bf6d4efe0ed7b3793d30c142e9fa0482268f1f239afdd2
font_01_sfnt_off00011010.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0x11010   1800 bytes
  SHA-256: daad3f347a4f42f432ee9983e619a7c063e36761dba5934b469418034847e28e
font_02_sfnt_off0001189e.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0x1189E  11260 bytes
  SHA-256: 754a8975ebeffc355bd6fbf60c432afda54f0ad55591e0cb505a206484a84a0b
font_03_sfnt_off00013f82.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0x13F82  16312 bytes
  SHA-256: aad9bc0f36eadc3314e08670b59090120051e308b357201f134af3d0b781b2b0