Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Urgency / deadline lure low SE_URGENCY_LURE
  Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://trafficel.ru/aws?utm_term=android+autocompletetextview+get+selected+item+value PDF link annotation

  • https://cdn-cms.f-static.net/uploads/4380680/normal_5f8f5bdd6d61e.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4375357/normal_5f8a073854a6e.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4406782/normal_5fbaadabdbbdf.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4404503/normal_5f9e5d4d11624.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/962ee21a-e9f2-4f41-8637-a9b14dda6a25/27351813384.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e927e9b4-7227-462a-8164-4afd661b6a83/stihl_chainsaw_ms180_manual.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/103d6771-714f-42d8-b599-7b1cea28feb6/nugudoponolarenijipove.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a166e5b3-38ec-467c-b846-cbbaff38c7df/janubinefivitilijivibix.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/7a242ff9-41aa-4078-b4a2-36ece0457c29/ximavixaka.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/fad1970a-3f44-415c-9aca-3a69c31de6e5/73638289705.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a890f7b3-32cb-452f-8502-28a6ac19a3ab/legally_blonde_the_musical_jr_ireland_lyrics.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/45fe885b-9fa8-43a1-b372-fd13cdae2887/become_beer_girl.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/6b314b8b-9a2b-45e6-a2cd-e6b6e5f4a761/gabriel_cousens_vegan.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1e5dae98-182a-455f-8e7d-16e7d739ce1d/28441693412.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f2b13720-a684-4dc3-80df-4d4a1ea11385/80614817297.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.