Malicious PDF — malware analysis report

Static analysis result for SHA-256 9dee2d095ab001b9…

MALICIOUS

PDF

Size: 73.4 KB
Created: 2021-03-12 01:12:42 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-07-02
MD5: 995a34e3dc4cd369f9c42bec6caa97f3
SHA-1: 03d263e01a5e3669294ce3d9b06b0de6c35f82a7
SHA-256: 9dee2d095ab001b9b809ecae5b15dea9db7e9e74b1729b084cb19a714cd66b0f
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was flagged as malicious by a ClamAV signature and an ML classifier. It contains an embedded URI pointing to a suspicious domain, likely intended to redirect the user to a phishing site. The document body appears to be corrupted or heavily obfuscated, preventing a more detailed analysis of its specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware with signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
  • External URI (info, PDF_URI)
    The PDF contains an external URL action.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://botokaw.ru/123?utm_term=vlookup+in+multiple+sheets+example (PDF link annotation)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off0000e1cd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE1CD | 5060 bytes
  SHA-256: be5080abbe8e03e348f3e7e8ee068a1fccdca8d63b48d271a52d271283624ccb
font_01_sfnt_off0000f2e3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF2E3 | 11044 bytes
  SHA-256: 3cf2d4a91e6f06450f381c43adfb6eca37a014a1ce1537291f96c6ca860c8b76