Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://www.nosolodespedidas.es/wp-content/plugins/formcraft/file-upload/server/content/files/1608c6ff312768---27195701752.pdf

  • http://birons.net/wp-content/plugins/super-forms/uploads/php/files/2f2668efdba19b7e6427b42a5472e767/tovedilizoborezowuwi.pdf
  • https://amrapalispot.com/userfiles/file/45532355398.pdf
  • https://www.glasswindowequipment.com/wp-content/plugins/super-forms/uploads/php/files/bcc5e5f16d25c5c2792fe8bc171f6f6a/60506521138.pdf
  • http://akkoryazilim.com/userfiles/file/39131981370.pdf
  • http://bilagroup.com/wp-content/plugins/formcraft/file-upload/server/content/files/16082e80e89b38---1656501379.pdf
  • https://petroblend.com/wp-content/plugins/formcraft/file-upload/server/content/files/160827d61a3f59---midagejulasovu.pdf
  • https://www.helmmsp.ca/wp-content/plugins/super-forms/uploads/php/files/1391dabcb13abf04847e4bd9ae7ebc99/63045144571.pdf
  • http://aprendanow.com/wp-content/plugins/super-forms/uploads/php/files/1677ab9c39901008a0199e5e776f5e30/42547877910.pdf
  • https://www.escon.it/wp-content/plugins/super-forms/uploads/php/files/3b07f94641a342e3898d06d6e2757040/43895731131.pdf
  • https://globalclassic.org/wp-content/plugins/super-forms/uploads/php/files/grahrie62lrab63f9qd659askf/fidomokuxarugagowime.pdf
  • http://www.mvdisposal.com/wp-content/plugins/formcraft/file-upload/server/content/files/160769a213aef9---55224576734.pdf
  • https://kalatranslation.co.uk/wp-content/plugins/super-forms/uploads/php/files/28dl7jp4cqv3lnn4uk71q4pr2c/jefumifozudikizuvesej.pdf
  • https://www.isnb.co.uk/wp-content/plugins/super-forms/uploads/php/files/80641f8422f2f5b21fb825b329309999/sudutapa.pdf
  • https://theshairpodcast.com/wp-content/plugins/super-forms/uploads/php/files/09b90903da483bb6b522035805a25056/60730801887.pdf
  • https://precisionautoandac.com/wp-content/plugins/super-forms/uploads/php/files/b03a4c78428322f20558337e9a9c2c3d/28064307454.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://feedproxy.google.com/~r/skout/mBVl/~3/1xuhb7AK25c/uplcv?utm_term=bluebook+citation+format+for+federal+register
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.