Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://midufefew.ru/123?utm_term=arabic+mehndi+pictures

  • https://cdn-cms.f-static.net/uploads/4404528/normal_602f92ab200ca.pdf
  • https://static.s123-cdn-static.com/uploads/4402032/normal_60076f924c6ff.pdf
  • https://static.s123-cdn-static.com/uploads/4484994/normal_6003703627f22.pdf
  • https://cdn-cms.f-static.net/uploads/4451205/normal_60228c9dee1ad.pdf
  • https://cdn-cms.f-static.net/uploads/4369305/normal_6022e5b58ea45.pdf
  • https://cdn-cms.f-static.net/uploads/4418987/normal_600c9d8a267f8.pdf
  • https://static.s123-cdn-static.com/uploads/4486534/normal_5fdcfa3e27a87.pdf
  • https://static.s123-cdn-static-d.com/uploads/4492257/normal_60b007370d609.pdf
  • https://cdn-cms.f-static.net/uploads/4370059/normal_601462d536574.pdf
  • https://static.s123-cdn-static.com/uploads/4450507/normal_5fe1c954c6848.pdf
  • https://cdn-cms.f-static.net/uploads/4499979/normal_5fd1b507a3011.pdf
  • https://cdn-cms.f-static.net/uploads/4380209/normal_6018604ae0e73.pdf
  • https://static.s123-cdn-static.com/uploads/4376869/normal_5ff34ab3d220c.pdf
  • https://cdn-cms.f-static.net/uploads/4383132/normal_605c11a2e5b2f.pdf
  • https://static.s123-cdn-static.com/uploads/4478932/normal_5fcb5f5f26155.pdf
  • https://cdn-cms.f-static.net/uploads/4456676/normal_6032e65094515.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/42b81070-6660-4fa1-ae4c-d2eb9f13dc2f/favedolifa.pdf
  • https://uploads.strikinglycdn.com/files/4a6cafd1-677e-43b4-9926-244b633ad97f/what_do_black_jelly_beans_taste_like.pdf
  • https://uploads.strikinglycdn.com/files/2fb29818-ecb3-46ec-99af-f6a94e66bcf1/75559234333.pdf
  • http://bupataved.pbworks.com/w/file/fetch/144427617/pederiwexogesifinogases.pdf
  • http://niwomif.pbworks.com/f/xutiwif.pdf
  • http://kevuxezedila.pbworks.com/f/53877790090.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.