Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://traffnew.ru/strik?utm_term=boss+12+ss PDF link annotation

  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/5a7b43f8-3286-4a00-9489-2b067992813c/kuxiluliwagi.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/0f251c90-5108-4d95-a606-d33ddb064d2d/word_with_the_prefix_retro.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/3941e6e4-c483-4d96-bdb0-017bc43516d1/nafonudokudud.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/204da3c4-91ba-4f21-8385-f86e259b7e3b/alterac_valley_rep_guide.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a1b175e5-2baa-4bd2-ae75-ebc0015e533a/criterio_de_routh.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc576008ef7301f8b2fc014/t/5fcad38033fb14715cae5698/1607127937328/xuvofip.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/677a8c72-434a-4aa7-a8ff-bee1a4ecd7b8/pastoralism_definition_geography.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc0baae3dfdd95b60d439b1/t/5fc2787fe18c5c478e4b9041/1606580355528/48230682169.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc527e6403f5353fdb14542/t/5fd0338ecb6bfe602c4874cf/1607480206501/acrylic_nails_at_home_kit_uk.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e854b656-f695-436c-9b3f-8e722302830a/9279322871.pdfIn PDF document text
  • https://s3.amazonaws.com/bulikowexunepov/white_county_high_school_georgia.pdfIn PDF document text
  • https://s3.amazonaws.com/tuzakifezara/wow_horde_mount_collecting_guide.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.