Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Embedded JS stream low PDF_JS
  PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://lovig.co.za/XSRYdR1H?utm_term=eheim+canister+filter+2217+manual+user+manual+free

  • https://kuximakid.weebly.com/uploads/1/3/0/7/130739256/pimul-xuxirikimisa-desidom.pdf
  • https://atlastoursntravels.com/userfiles/file/lozenokulatexemut.pdf
  • https://fukikabigo.weebly.com/uploads/1/3/4/4/134457586/229184.pdf
  • https://www.adler-leitishofen.de/wp-content/plugins/formcraft/file-upload/server/content/files/1620c601de1f19---57267134469.pdf
  • http://lichnyiybrand.ru/wp-content/plugins/formcraft/file-upload/server/content/files/1623a05b474aed---sexolafajevuvi.pdf
  • https://jakidanumamew.weebly.com/uploads/1/3/4/8/134881834/3f7b3cdcc.pdf
  • https://villagrancanaria.bookipro.com/js/libs/ckeditor/plugins/kcfinder/upload/files/kitilezupuvoxexo.pdf
  • https://pipepolubewaxa.weebly.com/uploads/1/3/4/7/134709371/mamiturasopug.pdf
  • http://sunmoon-glory.com/web/upload/files/62052756678.pdf
  • https://fulimutalez.weebly.com/uploads/1/3/4/5/134599943/detikalu-vusugev-gagorig-nopapuxiro.pdf
  • https://gojotarobede.weebly.com/uploads/1/4/1/5/141505714/2575292.pdf
  • https://zararixolaligi.weebly.com/uploads/1/4/1/3/141344050/gabawezagufejoxa.pdf
  • https://vevusivo.weebly.com/uploads/1/3/0/8/130874001/5266649.pdf
  • http://xn----7sbev0bhje.xn--p1ai/images/news/file/86359718769.pdf
  • https://liburesaxus.weebly.com/uploads/1/3/4/3/134372769/sevagaji-bijamikigunan.pdf
  • https://tawuzipufuk.weebly.com/uploads/1/3/4/7/134707118/ginefikoridiwekato.pdf
  • https://buvijomos.weebly.com/uploads/1/4/1/2/141258505/0811b.pdf
  • https://rivisoni.weebly.com/uploads/1/3/0/7/130739016/7810870.pdf
  • https://kerekemanoniser.weebly.com/uploads/1/4/1/3/141322617/4398675.pdf
  • http://falcon.dk/sites/default/files/webfm/47253190817.pdf
  • https://www.pu-sk.com/app/templates/js/ckfinder/userfiles/files/zibizadogikizobafewug.pdf
  • https://christavedelaar.nl/bestanden/files/64691691370.pdf
  • https://nanukofufo.weebly.com/uploads/1/3/7/5/137516761/fujuta.pdf
  • https://przedszkolenisko.pl/userfiles/file/kiwozujobesewaxa.pdf
  • http://funagamex.vn/PhuongNamGroup/userfiles/files/87517763135.pdf
  • http://nuestratierrapremios.com/campannas/file/82002619089.pdf
  • https://lutafutenitar.weebly.com/uploads/1/3/4/3/134381418/vavidevup.pdf
  • http://jlssj.com/qianzi/upfile/case_editor/file/wuxukemesiwipiwot.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License

Open this report in the interactive analyzer, or submit your own file for analysis.