Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://vilenefex.ru/strik?utm_term=mental+status+assessment+speech PDF link annotation

  • https://static.s123-cdn-static.com/uploads/4470835/normal_5ffa58eeed89b.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4427781/normal_60217054b0796.pdfIn PDF document text
  • http://lodolujin.22web.org/4673297409.pdfIn PDF document text
  • https://cdn.sqhk.co/jolekusij/hhjjVge/desuvevilid.pdfIn PDF document text
  • http://kisedevobale.22web.org/kigamepit.pdfIn PDF document text
  • https://cdn.sqhk.co/nikofejujel/hhhDhhV/wefalurutanekezaxu.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://wojodiguf.rf.gd/tusuni.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/aabadbd7-f270-476c-909d-260868e7c0bc/855598187.pdfIn PDF document text
  • https://s3.amazonaws.com/wemofodi/mufuja.pdfIn PDF document text
  • http://difiwawi.epizy.com/arabic_numbers_1-_100_in_word_format.pdfIn PDF document text
  • https://s3.amazonaws.com/widetunipet/google_sheets_templates_family_budget.pdfIn PDF document text
  • https://s3.amazonaws.com/xonobijikivo/android_google_login_12500.pdfIn PDF document text
  • http://susosutudufat.rf.gd/zosyn_davis_drug_guide.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f623a3f6-5ceb-4aa9-8ef1-d55c9ce37b4d/zematunenadadibezamolez.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/eb7d0846-5f62-45d3-ab81-d0722f2b3fc1/43432092333.pdfIn PDF document text
  • http://bulufuw.rf.gd/39894111988.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/6de1a07e-7554-47fd-bc75-93230b6b2a2f/16565377689.pdfIn PDF document text
  • https://s3.amazonaws.com/lowuwofuxali/metformina_mecanismo_de_accion.pdfIn PDF document text
  • https://s3.amazonaws.com/bulolimepol/poe_blight_tower_guide.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.