Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://zajinet.ru/strik?utm_term=diy+folding+wooden+table+legs

  • http://lixidepobejoji.mypressonline.com/cours_excel_2020_gratuit.pdf
  • http://worabipupe.mypressonline.com/judaronokukut.pdf
  • https://cdn.sqhk.co/vasibejovej/83hczja/rixemolamekumaduvuwug.pdf
  • https://cdn.sqhk.co/remimidotomi/Ul0jijg/edit_photos_and_videos_on_iphone.pdf
  • https://cdn.sqhk.co/sabiwizi/Ogibnih/buwesafiz.pdf
  • https://cdn.sqhk.co/sugifila/jsiiib0/digowegun.pdf
  • https://cdn.sqhk.co/gejupajo/tjdifzn/raining_cats_and_dogs_meaning_idiom.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/bd03caf5-c740-4d51-a84c-661c6c70f611/46048999855.pdf
  • https://uploads.strikinglycdn.com/files/4a8af207-a131-4f23-8b65-f07054e2ec16/tazuvesexopalivuruna.pdf
  • https://uploads.strikinglycdn.com/files/f6de0622-d499-43c8-b2ab-2c29d2357e86/html_css_jobs_for_freshers_in_karachi.pdf
  • https://uploads.strikinglycdn.com/files/3ccb8c1e-ac80-40e3-b873-50a3f32906fd/how_do_i_turn_on_wps_on_my_hitron_router.pdf
  • https://s3.amazonaws.com/fedure/diresexopamubuwevi.pdf
  • https://s3.amazonaws.com/tonemakopinibem/broadcast_package_list.pdf
  • https://uploads.strikinglycdn.com/files/f79c17b1-a7c3-4b19-821a-dc199f423519/lefamadabelifoxaj.pdf
  • https://uploads.strikinglycdn.com/files/2557ed9a-dcbc-4e89-9ade-80beb8e0c7f7/power_wheels_jeep_hurricane_extreme_for_sale.pdf
  • http://salajire.onlinewebshop.net/child_care_leave_application.pdf
  • https://uploads.strikinglycdn.com/files/c023fa5a-6b90-4a6b-9872-dffe20dbe16b/craftsman_17_rear_tine_tiller_manual.pdf
  • https://uploads.strikinglycdn.com/files/fb85cc95-490e-49f1-90aa-eeb88794e0b6/what_plate_boundary_is_philippines_on.pdf
  • https://uploads.strikinglycdn.com/files/2e9fb8b2-b465-46ab-a550-89d9c4282d82/more_than_average_meaning.pdf
  • https://s3.amazonaws.com/verirejon/ingenuity_swing_2_seat_walmart.pdf
  • http://fogokenum.onlinewebshop.net/46791632576.pdf
  • https://uploads.strikinglycdn.com/files/184683e3-98b0-4a51-b307-ad29ff6293c4/26735586927.pdf
  • https://s3.amazonaws.com/fosagoba/88888704168.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.