Malicious PDF — malware analysis report

Static analysis result for SHA-256 a1e45c680393d100…

MALICIOUS

PDF

Size: 68.3 KB
Created: 2020-12-15 15:12:39 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-04
MD5: 3b1e25a84de1bfb982d36ac81891a5cd
SHA-1: 98b4e8bc4f7c7f0cbd645e4808d02ddf82ec5edb
SHA-256: a1e45c680393d100b0c7a2cd31a1e89dc241102633e0b3af072f267febde3755
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics 4

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL (channel that reached it):
    • https://trafftec.ru/123?utm_term=southern+homes+and+gardens+hours (PDF link annotation)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://s3.amazonaws.com/vifusupegiza/formation_administrateur_systeme_alternance.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/638467df-d5d7-4cb1-b3dd-6eb323d9af61/tajowatumobawon.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/6c3b481c-1227-4a9c-a0d3-ea4bdae3d2d6/70129264854.pdf (in PDF document text)
    • https://s3.amazonaws.com/nuruvapozixix/64607884878.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/24a3e83e-c14c-4c5d-807c-72d797d8bfc7/6_traits_of_writing_posters.pdf (in PDF document text)
    • https://static1.squarespace.com/static/5fc304a32e34347c70520823/t/5fca9130e4bfa1297acf2a06/1607110962535/47465366408.pdf (in PDF document text)
    • https://s3.amazonaws.com/debamijizozexo/turedotanu.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/1211523a-5c0a-4a8f-9c65-46f850f2cb5e/90353105829.pdf (in PDF document text)
    • https://s3.amazonaws.com/zopenave/60484065596.pdf (in PDF document text)
    • https://s3.amazonaws.com/kudefem/gcse_chemistry_revision_guide.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/d28c769a-1798-499c-a86b-bca1d9596adf/fuvumiraluvu.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/dcc2c08b-bfd2-4a5e-a100-467695757ac3/97926992430.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/c245b2fc-a91b-4ea2-9650-59e2c3eef614/bevevu.pdf (in PDF document text)
    • https://static1.squarespace.com/static/5fc5740abdb33045eee0e015/t/5fd6075a154d727871e166d3/1607862107246/telopek.pdf (in PDF document text)
    • https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbd0ac32c6de34c7a3aa48a/1606224580368/guitar_games_online_unblocked.pdf (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000cc75.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xCC75
    Size: 5308 bytes
    SHA-256: 98b89a8743d3e158701375826722625754451b8650fe7b9033d587416d52ee88
  • Filename: font_01_sfnt_off0000de4d.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xDE4D
    Size: 11140 bytes
    SHA-256: 89503e7259b7652ae46664dbf1c3e780464d772687674b158fe37388c82650fd