Malicious PDF — malware analysis report

Static analysis result for SHA-256 8e6a94555b659b49…

Verdict: MALICIOUS
File type: PDF
Size: 207.9 KB
Created: 2021-03-29 01:08:44 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 975b6281f6ee82df769f3ae3f17ed307
SHA-1: 79d470afc4a736b3cf14fd721445c7a437b2232e
SHA-256: 8e6a94555b659b4948b2eaf51bd6b178c6b36da53746f2ff821f4dd37d49701d
Risk score: 136

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The sample is identified as malicious by ML classifiers and ClamAV, and exhibits characteristics of an advance-fee scam. The document body, though heavily obfuscated, suggests a lure related to a book summary. The presence of multiple external URLs, including one flagged as a potential phishing attempt, indicates an attempt to redirect the user to malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9956

Heuristics (5)

  • ClamAV detection [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • Advance-fee lottery/parcel scam lure [high, SE_ADVANCE_FEE_SCAM_LURE]
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • External URI [info, PDF_URI]
    The PDF contains an external URL action.
  • Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://botokaw.ru/strik?utm_term=the+willpower+instinct+chapter+3+summary
    • http://wifisef.medianewsonline.com/amebas_comensales_intestinales.pdf
    • http://dimozakebaba.scienceontheweb.net/cutting_for_stone_summary_sparknotes.pdf
    • http://avto-trokot.xyz/the_law_officer_s_pocket_manual_20171kbpa.pdf
    • https://barijimuje.weebly.com/uploads/1/3/1/4/131406344/fugojuxuxabivuluvuro.pdf
    • https://putukaxuke.weebly.com/uploads/1/3/1/4/131437363/bazakoz.pdf
    • http://ligumexijigab.getenjoyment.net/arba_netherland_dwarf_colors.pdf
    • https://taburexil.weebly.com/uploads/1/3/4/3/134374137/1200adc.pdf
    • https://tuzutetenufiro.weebly.com/uploads/1/3/4/7/134716615/piperomubarug-polixunipojun.pdf
    • http://price-list.moscow/raxegujazegivk8n.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://sovogezo.atwebpages.com/9728855477.pdf
    • https://uploads.strikinglycdn.com/files/8c59b6a1-092c-4f9f-9efb-c8f1f4f0c61a/jbl_xtreme_2_speaker_target.pdf
    • http://fimuwudefixolet.epizy.com/bodybuilding_workout_at_home.pdf
    • https://uploads.strikinglycdn.com/files/c1be7bbe-9f89-4971-9445-9b996224f669/2.0_t_vw_2.0_fsi_engine_diagram.pdf
    • https://ac65beef-1c88-4b01-a948-251493ed82f2.filesusr.com/ugd/09857b_66cdda2303de4229846b62cd66f4047b.pdf?index=true
    • https://7980b0ff-2efe-48f4-a442-6c87bca80713.filesusr.com/ugd/9bd8c3_c5071437147846f697f662d6d101ce9d.pdf?index=true
    • http://fafezevasuba.rf.gd/delhi_building_bye_laws_2017.pdf
    • https://uploads.strikinglycdn.com/files/5d9334a7-22b0-4e22-94be-3786de8e5756/26527248495.pdf
    • https://30cc9e9c-6145-4029-bfdc-d0561bdb3a10.filesusr.com/ugd/0dcf4b_567c7f0098784ea893cc04c0b9b8dc41.pdf?index=true
    • https://3485775d-af35-4505-8fb4-f6750f575e04.filesusr.com/ugd/42f18e_a451f7e72ab541febb921322b85cf1d5.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off0002f491.bin
    SHA-256: 71998bee21ad349e13608ad111409012ab52c4ffd7a4db049dd8046c23ff7fd1
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x2F491
    Size: 5480 bytes
  • font_01_sfnt_off00030721.bin
    SHA-256: e6086bc10825ac222e4fd6a1d7974b94e444b8cd343afb385b355b461db463a1
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x30721
    Size: 11744 bytes