Malicious PDF — malware analysis report

Static analysis result for SHA-256 9743b8f2728d3de2…

Verdict: MALICIOUS
File type: PDF
Size: 77.8 KB
Created: 2021-04-16 23:00:28 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 299c7bd064edd33aba6819bc0fe1bdd6
SHA-1: d3254c507affc750d6540fb2d794addb6ca39e46
SHA-256: 9743b8f2728d3de2c3fcf606590a83dc09518f92754d5f4089673d255ce60bcb
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

The PDF carries an external URI action, and the first extracted URL (on jumiwimov.ru) embeds a car-parts search phrase in its utm_term parameter, a lure shape typical of search-engine-seeded phishing and malware distribution. The Nyx PDF classifier (malicious score 0.9991) and a ClamAV phishing signature independently return a malicious verdict. The document body is heavily obfuscated, but the recoverable text is consistent with the car-parts theme, so the page itself appears to exist only to draw a visitor to the external site. Most of the remaining extracted URLs point to website-builder CDNs and free web-hosting subdomains serving further PDFs; treat them as related lure infrastructure rather than as payload locations, and confirm each before blocking, since the same hosts also serve benign content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (4)

  • ClamAV signature match critical CLAMAV_DETECTION
    ClamAV detected this file as malware with signature Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once in the file with different body bytes. A reader that honours the first definition and one that honours the last (typically the one reached via the latest cross-reference section) will resolve different content, a parser-confusion shape used by targeted PDFs to show one thing to a scanner and another to the viewer. Body-only differences are also the normal result of a benign incremental update, so the heuristic raises severity only when the duplicated object carries active content (JavaScript, URI or launch actions, form submission); it is rated info here, meaning no active content was found in the duplicate.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://jumiwimov.ru/strik?utm_term=2005+dodge+ram+1500+fuel+pump+shut+off+switch
    • https://static.s123-cdn-static.com/uploads/4462035/normal_5fdcc920b82d1.pdf
    • http://jupimok.iblogger.org/how_do_you_run_a_diagnostic_test_on_a_kenmore_he3t_washer.pdf
    • https://cdn-cms.f-static.net/uploads/4369316/normal_6038803b887b1.pdf
    • http://biomanua.website/nfl_fantasy_football_draft_board_online4e7ze.pdf
    • https://static.s123-cdn-static.com/uploads/4467007/normal_5ffe4c0ae01f9.pdf
    • https://cdn-cms.f-static.net/uploads/4483089/normal_606c5d937bf30.pdf
    • http://astropsychology.website/crawfish_etouffee_nutrition_informationcbi0q.pdf
    • http://digitalliteracyinstitute.com/greek_and_latin_roots_worksheets5e724.pdf
    • https://static.s123-cdn-static.com/uploads/4421780/normal_5fdf9ea58b301.pdf
    • https://static.s123-cdn-static.com/uploads/4403685/normal_6007c256279a8.pdf
    • http://sabazat.22web.org/tewinenoruvitotebu.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/89e0e197-0950-4651-874c-2244364c7e1d/98081007012.pdf
    • https://uploads.strikinglycdn.com/files/b562c6e1-3a55-446a-ab3c-4558da7f0c7f/enron_the_smartest_guys_in_the_room_full_movie_putlockers.pdf
    • https://uploads.strikinglycdn.com/files/443eeca5-f728-4724-9e38-db694990e083/best_used_car_for_under_5_000.pdf
    • https://uploads.strikinglycdn.com/files/1e71c1e8-1365-437a-afc3-9996d742d309/dialektik_der_aufklrung_einfhrung.pdf
    • https://uploads.strikinglycdn.com/files/02a0b122-4f9f-4288-bbd9-c6a7fa56e016/mebitutosijuzizunulako.pdf
    • https://uploads.strikinglycdn.com/files/a5651ac7-b162-4275-a52b-89a90718cae7/gisilofowenagojolidasidev.pdf
    • https://uploads.strikinglycdn.com/files/6dd6b02b-08eb-4b07-98dd-b24b3cbb38c3/para_que_sirve_el_te_de_manzanilla_canela_y_limon.pdf
    • https://uploads.strikinglycdn.com/files/8b484a54-c83c-4b1b-ae15-3ada52b8a5b9/german_irregular_verbs_complete_list.pdf
    • https://uploads.strikinglycdn.com/files/a88d94c7-1e61-4b9a-a4d0-397c0faf34f5/jack_lalanne_fusion_juicer_stopped_working.pdf
    • http://kasedabinat.rf.gd/avancemos_1_answer_key.pdf
    • http://rojepubaxogo.epizy.com/bowutafujozikadim.pdf
    • http://bumotelaladu.epizy.com/soil_erosion_types_and_causes.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    The last seven entries are schema identifiers (RDF, Dublin Core and Adobe XMP namespaces) from the document's XMP metadata plus the SIL Open Font License link from an embedded font's licence string. They appear in most benign PDFs that carry XMP metadata and have no indicator value; do not add them to blocklists.
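The two structural heuristics above (the URI extraction behind PDF_URI / EMBEDDED_URL and the duplicate-object check behind PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) can be reproduced in a few dozen lines. The following Python is an added example written for this page, not the analyser's own code. It runs over a constructed minimal PDF (not bytes from the analysed sample) in which an incremental update redefines a /URI action object, shows what a first-wins and a last-wins reader would each resolve, and escalates severity only when the duplicated object carries active content.

```python
import re
from collections import defaultdict

# Constructed sample, not bytes from the analysed file: a minimal PDF whose
# incremental update redefines object 4 (a /URI action) with a different body.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [5 0 R] >>
endobj
4 0 obj
<< /S /URI /URI (http://example.invalid/benign) >>
endobj
5 0 obj
<< /Type /Annot /Subtype /Link /A 4 0 R >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
4 0 obj
<< /S /URI /URI (http://example.invalid/redirect) >>
endobj
trailer
<< /Root 1 0 R /Prev 0 >>
%%EOF
"""

# "N G obj ... endobj" pairs. Non-greedy, so a stream whose binary payload happens
# to contain "endobj" would truncate that object; acceptable for a triage pass.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# Literal-string /URI values only; hex-string (<...>) forms are not handled here.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# Dictionary keys that make a duplicated body worth escalating.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/URI", b"/Launch", b"/OpenAction", b"/AA", b"/SubmitForm")


def parse_objects(data):
    """Map (object number, generation) -> list of body bytes in file order."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        objs[(int(m.group(1)), int(m.group(2)))].append(m.group(3).strip())
    return objs


def duplicate_objects(objs):
    """Objects defined more than once with differing bodies.

    Reports what a first-wins and a last-wins reader would each resolve, and
    rates the finding 'high' only when any body carries active content,
    mirroring the severity rule described for PDF_DUPLICATE_OBJ_BODY_INCREMENTAL.
    """
    findings = []
    for key, bodies in objs.items():
        if len(bodies) < 2 or len(set(bodies)) < 2:
            continue  # single definition, or byte-identical redefinition
        active = any(k in b for b in bodies for k in ACTIVE_KEYS)
        findings.append({
            "object": key,
            "first_wins": bodies[0],
            "last_wins": bodies[-1],
            "active_content": active,
            "severity": "high" if active else "info",
        })
    return findings


def extract_uris(objs):
    """Every /URI literal string, tagged with the object that carries it."""
    return [
        (key, m.group(1).decode("latin-1"))
        for key, bodies in objs.items()
        for body in bodies
        for m in URI_RE.finditer(body)
    ]


def triage(data):
    """Run both checks over raw PDF bytes."""
    objs = parse_objects(data)
    return {"duplicates": duplicate_objects(objs), "uris": extract_uris(objs)}


if __name__ == "__main__":
    result = triage(SAMPLE_PDF)
    for d in result["duplicates"]:
        print(f"object {d['object']}: severity={d['severity']}")
        print(f"  first-wins: {d['first_wins'].decode('latin-1')}")
        print(f"  last-wins:  {d['last_wins'].decode('latin-1')}")
    for key, uri in result["uris"]:
        print(f"URI in object {key}: {uri}")
```

On the constructed sample the check reports object (4, 0) at severity high because both bodies are /URI actions, and it prints both URIs so an analyst can see which one a scanner that stops at the first definition would miss. Against a real file, compare the objects listed here with the cross-reference table as well: a duplicate that no xref entry points to is unreachable for a conforming reader but may still be picked up by a lenient one.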

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000e321.bin
  SHA-256: 68d094faf81d2ea9f62e68ee4e789e40b6192f27e323b9e50c58fbaa8f881837
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xE321
  Size: 2900 bytes

Filename: font_01_sfnt_off0000ed64.bin
  SHA-256: 7563a90913f5d20558e97dc08a51fdfd94f1a4f266a8e96d86bd5705babfa848
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xED64
  Size: 6016 bytes

Filename: font_02_sfnt_off000101d1.bin
  SHA-256: c195e8430b96cab61e966f61375b71ae85d6e748312115d29b4aba140275b3d0
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x101D1
  Size: 10848 bytes