Malicious PDF — malware analysis report

Static analysis result for SHA-256 9d8fdf5ae616c551…

Verdict: MALICIOUS
File type: PDF
Size: 81.3 KB
Created: 2021-03-17 19:42:38 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: fbc62d62d02a111f99eaf1fada8af8d5
SHA-1: d8d1c74081d529f330129576776dd504a3cdd52b
SHA-256: 9d8fdf5ae616c551ffd9ff993903ff4ea2780d0b4fec63f1140aadba3f8efc69
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The file was flagged as malicious by the ML classifier (Nyx PDF Classifier, score 0.9995) and by ClamAV, whose signature names it a PDF phishing trojan. Its one external action is a URI action pointing at soxebez.ru; the query string (keyword=autodesk+maya+2020+pdf+download) reads as a search-engine lure for a pirated-software download, and strings in the document body echo the same software-download theme. Most of the other extracted URLs follow the same pattern (numbered or keyword-titled .pdf files on free upload and CDN hosts), so the document functions as one node in a lure-PDF distribution scheme. The remaining URLs (font-foundry sites, XMP namespaces, the SIL OFL) are ordinary metadata from the embedded fonts and from wkhtmltopdf, which generated the PDF from HTML. The file also redefines an indirect object with a different body (PDF_DUPLICATE_OBJ_BODY_INCREMENTAL); that is worth resolving by hand, since first-wins and last-wins readers will see different content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9995

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader (linear scan of the file) and a last-wins reader (xref-driven, honouring the incremental update) will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when a duplicate carries active content (for example a /JavaScript, /Launch, /OpenAction or /URI entry).
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://soxebez.ru/award?keyword=autodesk+maya+2020+pdf+download (target of the external URI action flagged by PDF_URI)
    • https://cdn.sqhk.co/fenajobuwer/iXDgdhe/36799824832.pdf
    • https://cdn.sqhk.co/tunuviju/IGighji/space_decor_dream_home_design.pdf
    • https://cdn.sqhk.co/kigaratak/hbS9qdm/47073471928.pdf
    • http://dawexefif.getenjoyment.net/41558183220.pdf
    • https://cdn.sqhk.co/jimumakevaji/eyNsLRe/cash_app_sign_up_on_computer.pdf
    • http://worelimupuvefam.mywebcommunity.org/bolexutibe.pdf
    • http://xiwakaravivomik.scienceontheweb.net/macbeth_movie_script.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://www.daltonmaag.com/
    • https://uploads.strikinglycdn.com/files/476c939c-7a5d-4960-a88c-9c182e5391c2/how_to_eat_3500_calories_a_day_vegan.pdf
    • https://s3.amazonaws.com/sorapobuk/diy_platform_bed_ideas.pdf
    • https://uploads.strikinglycdn.com/files/c5ea599b-fc86-4ec2-bbce-6d6f7ddabd44/sig_p226_p229_magazine_compatibility.pdf
    • https://uploads.strikinglycdn.com/files/3db4d9dd-a8c4-41a5-b4c3-4b5377b579c7/modelo_de_contrato_de_arrendamiento_de_local_comercial_actualizado_word.pdf
    • https://uploads.strikinglycdn.com/files/b1bdd2d7-b85e-420e-a772-7c95fe442c14/explain_how_cultural_diffusion_occurred_in_mesoamerica.pdf
    • https://uploads.strikinglycdn.com/files/0567a9bb-1b83-45f2-961e-a1ca4014e94e/julian_date_calendar_2017_converter.pdf
    • https://uploads.strikinglycdn.com/files/b71f8000-d673-4459-b236-079dcf39285f/53598675267.pdf
    • https://uploads.strikinglycdn.com/files/8718eb1d-76a5-4d88-a97d-1409b7311955/48116819624.pdf
    • https://uploads.strikinglycdn.com/files/4d57a8cc-5c65-4226-9c45-dac37369d43a/fuser_kit_for_hp_color_laserjet_cp4025.pdf
    • https://uploads.strikinglycdn.com/files/c8827945-262a-4065-8b04-6217d12ebedb/zekakijarikezusajowulava.pdf
    • https://uploads.strikinglycdn.com/files/74bf9b49-92ed-482e-bc2c-462d08dc25d6/what_do_the_numbers_1-10_mean_in_the_bible.pdf
    • https://uploads.strikinglycdn.com/files/624d4998-972f-47d8-a6a1-cf99daab6114/rewemigakexisoluk.pdf
    • https://uploads.strikinglycdn.com/files/48306abb-7750-4fcb-b6bc-622236894c6d/lememage.pdf
    • https://uploads.strikinglycdn.com/files/e13b332b-c553-44f1-b923-c09cb1432f83/cambridge_igcse_chemistry_past_papers_answers.pdf
    • https://s3.amazonaws.com/viwoxuz/taxojowesadezodutujutexa.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
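The two structural findings above (PDF_DUPLICATE_OBJ_BODY_INCREMENTAL and the per-channel URL extraction behind PDF_URI / EMBEDDED_URL) can be reproduced with a raw byte scan. The script below is an added example, not the analysis platform's own code: it ignores the xref table and walks every "N G obj ... endobj" definition, so it sees superseded objects as well as live ones, reports duplicates whose bodies differ and whether any body carries active content, shows how a first-wins and a last-wins reader resolve such an object, and labels each URL with the kind of object it was found in. The SAMPLE_PDF, its hostnames (lure.invalid, mirror.invalid) and the channel names are constructed for this example.

```python
"""Scan raw PDF bytes for redefined indirect objects and for external URLs.

Added example, not the analysis platform's code.  It ignores the xref table
and walks every "N G obj ... endobj" in the file, so it sees every definition
of an object, including ones an incremental update has superseded.  SAMPLE_PDF
below is constructed for this example; it is not the analysed file.
"""
import re
from collections import defaultdict

OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
URL_RE = re.compile(rb"https?://[^\s<>\"'()\[\]]+")
URI_ACTION_RE = re.compile(rb"/S\s*/URI\b")
# Keys that make a body-only difference something a reader would act on.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA", b"/URI", b"/GoToR")

def iter_objects(data):
    """Yield ((num, gen), body) for every object definition, in file order."""
    for m in OBJ_RE.finditer(data):
        yield (int(m.group(1)), int(m.group(2))), m.group(3).strip()

def duplicate_objects(data):
    """{(num, gen): {"bodies": [...], "active": bool}} for objects defined more
    than once with differing bodies; "active" if any body carries ACTIVE_KEYS."""
    seen = defaultdict(list)
    for key, body in iter_objects(data):
        seen[key].append(body)
    dups = {}
    for key, bodies in seen.items():
        if len(set(bodies)) > 1:
            active = any(k in b for b in bodies for k in ACTIVE_KEYS)
            dups[key] = {"bodies": bodies, "active": active}
    return dups

def resolve(data, key, last_wins=True):
    """Resolve an object as a last-wins (xref-driven) or first-wins (linear
    scan) reader would; for a duplicate the two return different bodies."""
    bodies = [b for k, b in iter_objects(data) if k == key]
    return bodies[-1] if last_wins else bodies[0]

def classify_channel(body):
    """Which part of the document a URL came from, judged by its container."""
    if URI_ACTION_RE.search(body):
        return "uri-action"
    if b"/Subtype" in body and b"/Link" in body:
        return "link-annotation"
    if b"x:xmpmeta" in body or b"/XML" in body:
        return "xmp-metadata"
    return "document-body"

def extract_urls(data):
    """Map each URL to the set of channels it was found in."""
    found = defaultdict(set)
    for _, body in iter_objects(data):
        channel = classify_channel(body)
        for url in URL_RE.findall(body):
            found[url.decode("latin-1")].add(channel)
    return dict(found)

# Constructed sample: an incremental update redefines object 1 with an added
# /OpenAction, so first-wins and last-wins readers see different catalogs.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
5 0 obj
<< /S /URI /URI (https://lure.invalid/award?keyword=software+download) >>
endobj
6 0 obj
<< /Type /Metadata /Subtype /XML /Length 114 >>
stream
<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"/></x:xmpmeta>
endstream
endobj
7 0 obj
<< /Length 51 >>
stream
BT (Download: http://mirror.invalid/file.pdf) Tj ET
endstream
endobj
trailer
<< /Root 1 0 R >>
%%EOF
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>
endobj
trailer
<< /Root 1 0 R /Prev 9 >>
%%EOF
"""
```

Run against the constructed sample, duplicate_objects reports object (1, 0) with two bodies and active=True, resolve() returns the catalog with /OpenAction for a last-wins reader and the one without it for a first-wins reader, and extract_urls attributes the lure URL to a URI action, the w3.org namespace to XMP metadata and the mirror URL to the document body. The byte-level regexes are a triage aid, not a PDF parser: object streams (/ObjStm) and encrypted documents hide their objects from this scan and need a real library.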

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000f09f.bin
  SHA-256: 4a60b0de14e504e56642ee1733fb4ad050633620d8038ecc9bde5c7b6fea72d8
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xF09F
  Size: 5448 bytes

Filename: font_01_sfnt_off00010331.bin
  SHA-256: d65d174ed5c37d748cbf50fc396657f0705f17893a575744c3c5c11b9e6568e4
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x10331
  Size: 11312 bytes

Filename: font_02_sfnt_off00012832.bin
  SHA-256: a542ec26cea93e049a2e27cd59b1347dd9bbdea13775fd7b822b3c2b3136116f
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x12832
  Size: 4324 bytes
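Carving the font streams listed above by content is straightforward to reproduce. The script below is an added example and not the platform's carving code: it walks every stream in the file, undoes FlateDecode, keeps only streams whose decoded bytes begin with a valid sfnt tag and whose offset table fits in the data, and records the file offset, decoded size and SHA-256 the way the table above does. Finding fonts by magic rather than by what a FontDescriptor claims means a font-shaped stream behind a misleading dictionary is still carved. The minimal sfnt blob and the sample PDF are constructed for this example.

```python
"""Carve embedded font programs out of a PDF and validate them as sfnt.

Added example, not the analysis platform's carving code.  Fonts are found by
content (the four-byte sfnt tag after any FlateDecode is undone), not by what
a FontDescriptor claims.  The font and the PDF below are constructed here.
"""
import hashlib
import re
import zlib

STREAM_RE = re.compile(
    rb"(\d+)\s+(\d+)\s+obj\s*(<<.*?>>)\s*stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# sfnt version tags: TrueType, Apple 'true', CFF-based OpenType, TrueType collection
SFNT_TAGS = {b"\x00\x01\x00\x00", b"true", b"OTTO", b"ttcf"}


def decode_stream(dictionary, raw):
    """Undo /FlateDecode; other filters are passed through, corrupt data is skipped."""
    if b"/FlateDecode" not in dictionary:
        return raw
    try:
        return zlib.decompress(raw)
    except zlib.error:
        return None


def carve_fonts(pdf):
    """One record per stream whose decoded bytes start with an sfnt tag and
    whose offset table (12-byte header + 16 bytes per table record) fits."""
    fonts = []
    for m in STREAM_RE.finditer(pdf):
        data = decode_stream(m.group(3), m.group(4))
        if data is None or data[:4] not in SFNT_TAGS:
            continue
        num_tables = int.from_bytes(data[4:6], "big")
        if len(data) < 12 + 16 * num_tables:
            continue  # truncated or only magic-shaped; a real font parser would reject it
        fonts.append({
            "obj": (int(m.group(1)), int(m.group(2))),
            "offset": m.start(4),  # file offset of the raw stream bytes
            "size": len(data),
            "tables": num_tables,
            "sha256": hashlib.sha256(data).hexdigest(),
        })
    return fonts


def make_fake_sfnt():
    """Constructed minimal TrueType-shaped blob: header, one 'head' record, 4 data bytes."""
    header = (b"\x00\x01\x00\x00" + (1).to_bytes(2, "big") + (16).to_bytes(2, "big")
              + (0).to_bytes(2, "big") + (0).to_bytes(2, "big"))
    record = b"head" + (0).to_bytes(4, "big") + (28).to_bytes(4, "big") + (4).to_bytes(4, "big")
    return header + record + b"\x00\x00\x00\x00"


def build_sample_pdf():
    """Constructed PDF: a page content stream, the font Flate-compressed, and
    the same font stored raw, so the two carved copies hash identically."""
    font = make_fake_sfnt()
    comp = zlib.compress(font)
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj\n<< /Length 9 >>\nstream\nBT ET q Q\nendstream\nendobj\n",
        b"2 0 obj\n<< /Length %d /Length1 %d /Filter /FlateDecode >>\nstream\n"
        % (len(comp), len(font)) + comp + b"\nendstream\nendobj\n",
        b"3 0 obj\n<< /Length %d >>\nstream\n" % len(font) + font + b"\nendstream\nendobj\n",
        b"trailer\n<< /Root 1 0 R >>\n%%EOF\n",
    ])


if __name__ == "__main__":
    for f in carve_fonts(build_sample_pdf()):
        print("obj %d %d at 0x%X: %d bytes, %d tables, sha256 %s"
              % (f["obj"] + (f["offset"], f["size"], f["tables"], f["sha256"])))
```

On the constructed sample the compressed and the raw copy of the font carve to the same SHA-256, which is the check to run on real output: identical hashes across several PDFs of a campaign point at a shared generator (here wkhtmltopdf's bundled fonts) rather than at per-sample tampering. Locating the stream end by the literal endstream marker is a shortcut; binary data that happens to contain that token needs the /Length value instead.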