Malicious PDF — malware analysis report

Static analysis result for SHA-256 9b5bc4b0dcb709db…

Verdict: MALICIOUS
File type: PDF
Size: 71.0 KB
Created: 2020-12-18 00:09:23 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-02
MD5: b421cd8715d13ed0f5a3d88c9ba68a1f
SHA-1: 1fe6989496992c90b58a450e74fc516dc5844f9b
SHA-256: 9b5bc4b0dcb709db0db02ed61615ec724a079036a849da4c7d6dc8c8af81b6bc
Risk Score: 96

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF document was flagged as malicious by a ClamAV signature and by an ML classifier (Nyx PDF Classifier, malicious score 0.9997). The file embeds external URLs that direct users to attacker-controlled resources: one is reached through a link annotation (a /URI action), the others appear in the document text. The specific URLs and indicators for this sample are listed under the Embedded URL heuristic below.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (4)

  • ClamAV detection [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI [info, PDF_URI]
    The PDF contains an external URL action (a /URI action, here attached to a link annotation).
  • Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]
    The same indirect object (object number N, generation G) is defined more than once with different body bytes, typically through an appended incremental update. A first-wins reader and a last-wins reader will resolve different content for that object, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content (for example an action or script).
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://trafficel.ru/123?utm_term=a+brief+history+of+the+romans+2nd+edition+free+pdf [PDF link annotation]
    • https://cdn-cms.f-static.net/uploads/4385887/normal_5f95152562f5c.pdf [in PDF document text]
    • https://buminezavo.weebly.com/uploads/1/3/4/6/134650892/xifuta-tivujo.pdf [in PDF document text]
    • https://pagafamowadaf.weebly.com/uploads/1/3/4/8/134878907/7977b0d594.pdf [in PDF document text]
    • http://www.ascendercorp.com/ [in PDF document text]
    • http://www.ascendercorp.com/typedesigners.html [in PDF document text]
    • https://uploads.strikinglycdn.com/files/4e18382e-3aaa-4c60-91fe-d9998df91519/danobutaso.pdf [in PDF document text]
    • https://static1.squarespace.com/static/5fc77ea6161f8068bececdc0/t/5fd69b6e164d0f203c84b581/1607900023689/bejeweled_full_version_free_for_pc.pdf [in PDF document text]
    • https://static1.squarespace.com/static/5fc6485be2fce462bcb09523/t/5fce8327a6630f0a44d9693a/1607369514409/car_window_repair_near_me_mobile.pdf [in PDF document text]
    • https://static1.squarespace.com/static/5fbffcc36609fd0ee78c2f31/t/5fc0ed9108845d0924abe346/1606479250051/99838776112.pdf [in PDF document text]
    • https://static1.squarespace.com/static/5fc5a3a111f6a41984a5f629/t/5fd67a00164d0f203c7f3d08/1607891457391/old_spider_solitaire_windows_7.pdf [in PDF document text]
    • https://uploads.strikinglycdn.com/files/9f2c6c72-295b-4957-8135-272f19143e2c/gukugexazidunopimu.pdf [in PDF document text]
    • https://static1.squarespace.com/static/5fc0dfc5405d5340f3296f29/t/5fcab4ef622a1431bd198bb4/1607120112017/swatches_meaning_in_tamil.pdf [in PDF document text]
    • https://static1.squarespace.com/static/5fc5453dd49dd12447511837/t/5fc8167c970db930d9b26ca6/1606948476304/lotigefugowekujazodeba.pdf [in PDF document text]
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# [in PDF document text]
    • http://purl.org/dc/elements/1.1/ [in PDF document text]
    • http://ns.adobe.com/pdf/1.3/ [in PDF document text]
    • http://ns.adobe.com/xap/1.0/ [in PDF document text]
    • http://ns.adobe.com/xap/1.0/mm/ [in PDF document text]
    • http://ns.adobe.com/xap/1.0/rights/ [in PDF document text]
    • http://scripts.sil.org/OFL [in PDF document text]
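
The three structural heuristics above (PDF_URI, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, EMBEDDED_URL) can be reproduced with a small triage script. The following is an added example, not the analyzer's own implementation: it runs on a constructed minimal PDF (placeholder hostnames benign.example and lure.example, not the URLs of this sample) in which object 4 0 is a link annotation whose /URI is redefined by an appended incremental update. It parses every definition of every indirect object, flags duplicates whose bodies differ and carry active content, resolves the /URI action under both first-wins and last-wins policies, and labels each extracted URL with the channel that reached it. Only literal-string /URI values and uncompressed or FlateDecode streams are handled; that is a simplification.

```python
"""Triage for three of the heuristics above, on a constructed sample:
PDF_URI (external /URI actions), PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
(one object number, two bodies, first-wins vs last-wins) and
EMBEDDED_URL (which channel reached each URL).
Added example; not the analyzer's own implementation."""
import re
import zlib

# Constructed sample (not the analysed file). Object 4 is a link annotation
# pointing at a benign URI; an appended incremental update redefines 4 0 with a
# different URI. Hostnames are placeholders. /Length 48 is the exact byte
# count of the uncompressed content stream.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] /Contents 5 0 R >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://benign.example/info) >> >> endobj
5 0 obj << /Length 48 >>
stream
(Download: https://benign.example/manual.pdf) Tj
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://lure.example/123?utm_term=free+pdf) >> >> endobj
trailer << /Root 1 0 R /Prev 9 >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# Dictionary keys that make a duplicate body "active content".
ACTIVE_RE = re.compile(rb"/(JavaScript|JS|URI|Launch|OpenAction|AA|SubmitForm)\b")
# /URI (...) literal strings; hex strings and escaped parens are not handled.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
URL_RE = re.compile(rb"https?://[^\s<>()\[\]\"']+")
STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def parse_objects(data):
    """Every definition of every (num, gen), in file order. Duplicates from
    incremental updates are kept, not collapsed."""
    objs = {}
    for m in OBJ_RE.finditer(data):
        key = (int(m.group(1)), int(m.group(2)))
        objs.setdefault(key, []).append(m.group(3).strip())
    return objs


def duplicate_objects(objs):
    """(num, gen, bodies_differ, carries_active_content) for each object
    defined more than once. Severity is raised only when both are true."""
    out = []
    for (num, gen), bodies in sorted(objs.items()):
        if len(bodies) > 1:
            differ = len(set(bodies)) > 1
            active = any(ACTIVE_RE.search(b) for b in bodies)
            out.append((num, gen, differ, active))
    return out


def resolve(objs, policy):
    """Collapse duplicates the way a first-wins or a last-wins reader would."""
    idx = 0 if policy == "first" else -1
    return {key: bodies[idx] for key, bodies in objs.items()}


def uri_actions(resolved):
    """External URI actions as (num, gen, uri) under one resolution policy."""
    return [(num, gen, m.group(1).decode("latin-1"))
            for (num, gen), body in sorted(resolved.items())
            for m in URI_RE.finditer(body)]


def stream_payloads(body):
    """Decoded stream data: inflate /FlateDecode, fall back to the raw bytes."""
    for m in STREAM_RE.finditer(body):
        raw = m.group(1)
        try:
            yield zlib.decompress(raw)
        except zlib.error:
            yield raw


def urls_by_channel(data):
    """Map each URL to the channels that reached it. The two link-annotation
    labels show that a duplicated /URI object makes the answer reader-dependent."""
    objs = parse_objects(data)
    chan = {}
    for policy in ("first", "last"):
        for _, _, uri in uri_actions(resolve(objs, policy)):
            chan.setdefault(uri, set()).add(f"PDF link annotation ({policy}-wins)")
    for bodies in objs.values():
        for body in bodies:
            for payload in stream_payloads(body):
                for m in URL_RE.finditer(payload):
                    chan.setdefault(m.group(0).decode("latin-1"), set()).add("PDF document text")
    return chan


if __name__ == "__main__":
    objs = parse_objects(SAMPLE_PDF)
    for num, gen, differ, active in duplicate_objects(objs):
        print(f"{num} {gen} obj defined {len(objs[(num, gen)])}x: differ={differ} active={active}")
    for policy in ("first", "last"):
        print(policy + "-wins:", uri_actions(resolve(objs, policy)))
    for url, channels in sorted(urls_by_channel(SAMPLE_PDF).items()):
        print(url, sorted(channels))
```

On the constructed sample the duplicate 4 0 obj is reported with differing bodies and active content (it carries a /URI action), a first-wins reader resolves the benign URI while a last-wins reader resolves the lure, and the URL inside the content stream is labelled as document text rather than as an action. Against a real file, run the same functions over the raw bytes; object streams (/ObjStm) and cross-reference streams would need decoding first.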

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename                       Kind             Source                                      Size
font_00_sfnt_off0000c976.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0xC976   3120 bytes
    SHA-256: 1ad02b79c7091a558633aca35b79c18c4801c8f97407e2d39b41a6bac3159f63
font_01_sfnt_off0000d4a9.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0xD4A9   5612 bytes
    SHA-256: cef7667f682b7c5657277e884c7c39a96b042f5836eb555bf1454aed0f941b1a
font_02_sfnt_off0000e799.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0xE799   11652 bytes
    SHA-256: 13458aab9482d56231a0c9cca1f88413302248d628ae5eb273f0a0faebedf6f9