Malicious PDF — malware analysis report

Static analysis result for SHA-256 865105d525111f53…

Verdict: MALICIOUS
File type: PDF
Size: 76.0 KB
Created: 2021-03-31 02:07:18 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: a0bf813728433e760e0021c7ea830d98
SHA-1: ac70ae1a739eedca929113a69cd75a67e6c2d552
SHA-256: 865105d525111f53b9b76512e29bb889ec05143e80f69d7121af48ee1357c0a8
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to a suspicious domain, which is likely used to deliver a malicious payload or conduct phishing. The document body, though heavily obfuscated, contains text related to 'Wisc score classifications' and the authoring application 'wkhtmltopdf', suggesting a lure to trick users into visiting the malicious URL.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9996

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • URL https://resalured.ru/strik?utm_term=wisc+score+classifications
    • http://rezubodojel.medianewsonline.com/official_gre_verbal_reasoning_practice_questions.pdf
    • http://pidivumik.22web.org/baxixakopifajibit.pdf
    • http://lozomaneje.getenjoyment.net/uniden_bearcat_scanner_bc145xl.pdf
    • http://mbfsopg.com/mearsheimer_the_tragedy_of_great_power_politicsohv9i.pdf
    • http://gratoramaa.website/chip_and_dale_rescue_rangers_nes_manualc1ixw.pdf
    • http://miiliioner.xyz/vewesizawibuwilolamubame0lr.pdf
    • http://xaredazisom.mywebcommunity.org/5668021028.pdf
    • http://wugupomovupa.sportsontheweb.net/22920794430.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://68358877-4ee6-4e53-94f7-4bd9665c1f53.filesusr.com/ugd/3bbd68_1bd1cd7d6aa2468ab665a0435a21d288.pdf?index=true
    • https://0ac950e2-707a-4e47-8bf4-daface0ea9db.filesusr.com/ugd/356f11_76efcffcab004dba96f01c7386a8c72c.pdf?index=true
    • https://92fa68c6-d088-48c5-94d9-776fe0504fc0.filesusr.com/ugd/5a053b_44461e3f92554134bc966ed7123618d7.pdf?index=true
    • https://s3.amazonaws.com/kiremefegonar/71647421661.pdf
    • https://uploads.strikinglycdn.com/files/9435ce10-395f-4394-8228-2f85c9334ac3/44214314932.pdf
    • http://jewulepip.epizy.com/51614736863.pdf
    • https://uploads.strikinglycdn.com/files/14bb74af-87f6-45a7-a962-3c9796bf71cf/hp_laserjet_p1606dn_toner_cartridge_number.pdf
    • https://s3.amazonaws.com/resabomibogodaw/a_sisters_secret_movie_trailer_2018.pdf
    • https://s3.amazonaws.com/jitimesolagun/86911081716.pdf
    • https://uploads.strikinglycdn.com/files/5be29883-5b0e-4efb-a04c-98550d13f386/vodelukugikaru.pdf
    • https://uploads.strikinglycdn.com/files/4bfc07c0-1372-42bb-b123-92f2365b96f8/give_me_liberty_textbook_answers.pdf
    • https://uploads.strikinglycdn.com/files/c3894e9c-93f1-4078-8580-15cc6ee87a55/communist_manifesto_novel.pdf
    • http://dugerem.atwebpages.com/94831404857.pdf
    • https://s3.amazonaws.com/xeponodij/nuxojo.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | SHA-256 | Kind | Source | Size
font_00_sfnt_off0000eb6a.bin | 2424ced7c5e7dd17865aae688f3edf615d61188ff7a87c6ca02fbca05989b955 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEB6A | 4888 bytes
font_01_sfnt_off0000fc28.bin | 0ff409a6de7b386bf03ce046b7798f88065e615dca7b45b047d1de687166bb05 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC28 | 11420 bytes