Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LURE
  Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://xezojetit.ru/123?utm_term=credit+agricole+polska+annual+report

  • http://viza.expert/jipogudukqyohp.pdf
  • https://cdn-cms.f-static.net/uploads/4387825/normal_5fd2ffa346981.pdf
  • http://xoluzezo.22web.org/caffitaly_s24_instruction_manual.pdf
  • http://dutusejutax.22web.org/fales.pdf
  • http://rixugogalide.22web.org/cyberpowerpc_keyboard_and_mouse_not_working.pdf
  • https://cdn-cms.f-static.net/uploads/4393502/normal_5fe66a138e633.pdf
  • https://static.s123-cdn-static.com/uploads/4424010/normal_5fe4d880abe54.pdf
  • https://static.s123-cdn-static.com/uploads/4401558/normal_5ffadd2e6bb5c.pdf
  • https://cdn.sqhk.co/dufolatik/ffidH9e/perojigudi.pdf
  • http://trokot-roznica.xyz/29534531482c9od8.pdf
  • https://cdn.sqhk.co/sulugedako/9iehrwH/olvidarte_nunca_rock_urbano.pdf
  • https://cdn-cms.f-static.net/uploads/4374203/normal_60465527d4715.pdf
  • http://cheapkeys.site/mesajobuvogexujije6xsm8.pdf
  • http://salet.store/gunozafenaresufuzewip19zu7.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/6a84cc06-b9a8-4e1a-8cdd-1d61a2c6606c/the_great_gatsby_vocabulary_quizlet_chapter_1.pdf
  • https://7915398d-c9c2-4241-abdb-40cf742e4b8d.filesusr.com/ugd/d4df0f_1b5007f739ce4f3ebdc9ebc263d6d02c.pdf?index=true
  • https://d2faa26e-66ca-44cd-8f84-883624a71019.filesusr.com/ugd/dbbfd0_93c8578cd407470bbe3eb33032cbf270.pdf?index=true
  • http://ripikeze.rf.gd/is_push_pull_split_the_best.pdf
  • https://3d7304b5-8527-495f-b913-615d6f357a43.filesusr.com/ugd/ef7486_859bd190c49f4931a5ba05f888fe2e14.pdf?index=true
  • https://uploads.strikinglycdn.com/files/490af6bf-9ffb-4387-989f-934ea3d159b6/thrawn_trilogy_reading_order.pdf
  • https://eb9d0a7c-f241-4274-9260-18def620c3fd.filesusr.com/ugd/796b85_e628ae4f51cb43cba5287922f4630c9f.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.