Malicious PDF — malware analysis report

Static analysis result for SHA-256 a6477fb147769414…

MALICIOUS

PDF

Size: 78.0 KB
Created: 2021-06-04 05:19:06 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 40aaaa19070528ccab57585e36974fa5
SHA-1: 50d8daf8feba5ed772627f986d7fa6aa4d647383
SHA-256: a6477fb1477694145a447beb4d1dccccff637c4c2f07c6fa750070a65ff3dda9
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains a heuristic indicating an external URI, which points to a suspicious domain. The ClamAV detection and ML classifier strongly suggest malicious intent, likely phishing or malware distribution. Although no scripts were explicitly extracted, the PDF structure and embedded URL suggest it's designed to redirect users to a malicious site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9995

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://nomylo.ru/pbw?utm_term=is+miraculous+ladybug+season+3+on+disney+plus

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000f08c.bin
  SHA-256: 1dc94c645cb0ff06247fbb35239ef87e5e3d940235bb04280eb2546b45b798af
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xF08C
  Size: 5736 bytes

Filename: font_01_sfnt_off000103fe.bin
  SHA-256: 30e186468f389709357c443158484ca15f69e1e026a92afdf87100eaee066383
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x103FE
  Size: 11260 bytes