Malicious PDF — malware analysis report

Static analysis result for SHA-256 9c54f05ca657b886…

Verdict: MALICIOUS
File type: PDF
Size: 89.1 KB
Created: 2021-03-17 09:25:16 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 3df08075a580cfca62a2e2fc0624e00e
SHA-1: 93b1e3452fcdc0d0cbd7699548e811f09e7797f2
SHA-256: 9c54f05ca657b8862ccbe02bd272c7ac2a86edf3500af8d9afb969101f76312b
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing or trojan payload. It contains an embedded URL that directs users to a suspicious domain, likely to download a secondary malicious file. The document body, though partially corrupted, suggests a lure related to educational materials, which is a common tactic for phishing.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9964

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://xezojetit.ru/123?utm_term=free+printable+comprehension+sheets+for+grade+3
    • http://salonlabs.xyz/44689121696s56i4.pdf
    • http://vvinorama.website/bitililerokelujmjgly.pdf
    • http://lenudes.com/betternet_vpn_apk_old_versioncyxt9.pdf
    • http://niwadeg.mywebcommunity.org/assembly_language_programming_of_8085_microprocessor.pdf
    • http://eu-study.ru/net_framework_4._0_3019_filehippoj35o7.pdf
    • http://universe1.space/comma_grammar_worksheets57cof.pdf
    • http://ledimpress.biz/clue_sheetslwvkd.pdf
    • http://taher-tcac.com/616296130070f5mh.pdf
    • http://springtea.space/uwc_undergraduate_application_form_2020_download06ne0.pdf
    • http://fobativ.mywebcommunity.org/50109911488.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://s3.amazonaws.com/muvevanepen/itunes_manually_backup_iphone_greyed_out.pdf
    • https://s3.amazonaws.com/wovitiku/9650979989.pdf
    • https://s3.amazonaws.com/kavalukato/sobulexuziluderezi.pdf
    • https://uploads.strikinglycdn.com/files/19e4bb23-8edd-4d9e-a09f-f99d895767cc/fg_knot_tying_machine.pdf
    • https://s3.amazonaws.com/jiguwuzobozobaz/77414871544.pdf
    • https://uploads.strikinglycdn.com/files/56a3f73a-4cff-4c94-97ea-ec1104c8c351/24918043206.pdf
    • https://uploads.strikinglycdn.com/files/cb977bc2-c700-4add-b0a4-64e6c61a79fc/casio_g_shock_digital_watches_india.pdf
    • https://s3.amazonaws.com/lonozote/how_to_pair_big_blue_audio.pdf
    • https://s3.amazonaws.com/nosepevozux/sony_android_tv_55_4k_hdr.pdf
    • https://s3.amazonaws.com/zepifudoxapo/15474475562.pdf
    • https://uploads.strikinglycdn.com/files/efb09721-4280-4118-b7dc-ba59e7ba487d/plato_republic_greek_text.pdf
    • http://xuxerutiwuv.onlinewebshop.net/ranadijukigasejemosop.pdf
    • https://s3.amazonaws.com/lizuseguwix/clubmans_guide_west_yorkshire.pdf
    • https://s3.amazonaws.com/ladiwuzetawedi/laboratory_apparatus_chart.pdf
    • https://s3.amazonaws.com/zazelujeju/greenleaf_r._k._1970._the_servant_as_leader._westfield_in_greenleaf_center_for_servant_leadership.pdf
    • https://uploads.strikinglycdn.com/files/ee3baa24-5067-49e5-b291-e07e2b945c45/gugejitomuje.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off00011bea.bin
    SHA-256: 5a62599030ae9b00285aecbbb3c63c71fd46871420d4b56fa1c637b202c561a1
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x11BEA
    Size: 5828 bytes
  • font_01_sfnt_off00012f8f.bin
    SHA-256: 6174de826386b554bbe8949cd512d799ece85e402bb9439d21c99d0a78c4a858
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x12F8F
    Size: 10900 bytes