Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://trafffe.ru/123?utm_term=creative+recreation+de+coco PDF link annotation

  • https://cdn-cms.f-static.net/uploads/4386842/normal_5f952593a718d.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4392215/normal_5f9395a6ae463.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/e9558b3b-fb11-456c-8cae-9510b737660d/90784182035.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc1e2757848ba205d1f680f/t/5fcacd7f6e25b61818eb1491/1607126400129/malezizanif.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbf5e80cb3e0f577146f9aa/1606377089198/vuwigagororazabuliril.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc38dcd0b6b03258f461b74/t/5fc74daa5fecd2174b5cd2bb/1606897066477/pukipemaseris.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fdc9cf08d8ea14bdaa7a7fb/t/5fdcdb6442e81c390ad5713e/1608309605793/arabic_keyboard_for_iphone_free.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc16b4168612547ed61cedd/t/5fcdb1c58a55f2188b95a714/1607315913363/ravensburger_puzzle_store.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/67222abd-83be-4bcf-ae81-ab4523a02219/20379079566.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fbffb205e8e827d4288adb3/t/5fc241375147b148047d1967/1606566203067/bagiruzafirazelalinu.pdfIn PDF document text
  • https://s3.amazonaws.com/bikikanafopavu/robotic_arm_with_gripper_project.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/13f5ac39-188e-470d-b2c5-84323fedaa89/hp_photo_creations.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/db3a7dbf-92ec-4bc8-a645-c5dc361eea6b/90062554643.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc528f2abaecd33183df1a5/t/5fd651737fc52c206921c451/1607881076091/84051594250.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b75b996f-c3fb-4f90-b80d-2379bfff45ec/linobejasemevasopafipivo.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.