Malicious PDF — malware analysis report

Static analysis result for SHA-256 8b60ee54a02483f0…

Verdict: MALICIOUS
File type: PDF

  • Size: 85.7 KB
  • Created: 2021-03-20 09:52:26 +02:00
  • Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
  • First seen: 2021-07-07
  • MD5: 441c32eec7b3d138392209099503d1fa
  • SHA-1: d9382ffc9217dc1ef198707c19f5a95c2fb70fb8
  • SHA-256: 8b60ee54a02483f053c5e8a72f5bbc51bb2ae288fa219b3afc67f27da7076c31
  • Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing or trojan payload. It contains an embedded URI pointing to 'jacksth.ru', which is likely part of a phishing campaign. The document body, though heavily obfuscated, appears to be a lure related to a carpet cleaner manual, consistent with social engineering tactics.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://jacksth.ru/wix?keyword=rug+doctor+deep+upright+carpet+cleaner+manual (in PDF link annotation)
    • http://remontnatali.ru/puzagavisivugefn3qj3.pdf (in PDF document text)
    • http://wspring.space/47393306084ib1.pdf (in PDF document text)
    • http://shtangye.xyz/how_to_connect_bluetooth_speaker_to_alexaubla6.pdf (in PDF document text)
    • http://bellissimo.online/why_is_my_kidde_smoke_alarm_going_off_for_no_reasonq0rya.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://uploads.strikinglycdn.com/files/0080bdd1-3849-4ce5-9c2e-f7d5c4de4b0c/67812887363.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/1daab217-56df-4c81-a0fa-abaf0a7a8d91/how_to_use_a_diaper_genie_refill.pdf (in PDF document text)
    • https://s3.amazonaws.com/gisujubolidine/what_is_an_it_business_case.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/215537ff-018b-4777-9a93-daf46e73555e/zedubedixojeludoxe.pdf (in PDF document text)
    • https://s3.amazonaws.com/xeroguru/87169919005.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/67d3ca22-a7b9-49ba-95f1-ad323138206c/bible_quiz_genesis_1_with_answers.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/ecf5437e-db18-4f1b-bddb-078abea06adb/how_to_connect_symbol_barcode_scanner_to_computer.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/b837d000-7db0-4e3f-804a-d0067ed8963c/dark_sun_dd_5e.pdf (in PDF document text)
    • https://s3.amazonaws.com/devuxuzejozam/25186138190.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/f7a6cd7b-f7cb-45ac-bec7-f767b424e70e/how_much_oil_does_a_honda_gx200_engine_hold.pdf (in PDF document text)
    • https://s3.amazonaws.com/timituvupame/furoxerixuserobuwedete.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/4c219a7a-06dd-495d-89fc-ebbf5ccda1b9/92481005529.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/bd60d8f4-3286-4dd6-abca-cf49088cef62/deroma.pdf (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off00010fba.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x10FBA
    Size: 5316 bytes
    SHA-256: 13079b6b8f06a8251ccbef025a29ae9d86f950ae54c6cee12a6181c4cdd08828
  • font_01_sfnt_off000121ae.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x121AE
    Size: 11760 bytes
    SHA-256: c806c5a61da69dec800f2273b5af55ae2ec91350a04956229fe8f44088157e99