Malicious PDF — malware analysis report

Static analysis result for SHA-256 a82678b5bdce7d55…

MALICIOUS

PDF

Size: 109.9 KB
Created: 2021-03-17 06:09:58 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: e287c9176490c62ccce17657d26f692c
SHA-1: 1b68abb2360422879ff7661538bc6cfdec52f96b
SHA-256: a82678b5bdce7d556ed35a7eb3377f3103063a3f168b203621694d1e114dd3a4
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was flagged as malicious by a machine learning classifier and by ClamAV, which labels it a phishing trojan. It contains an embedded URI action pointing to 'https://nipisod.ru/123?utm_term=rdr2+legendary+fish+guide', which is likely a phishing lure. The document body, though heavily obfuscated, suggests a theme related to 'Rdr2 legendary fish guide', indicating a social engineering pretext.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9993

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://nipisod.ru/123?utm_term=rdr2+legendary+fish+guide
    • https://cdn.sqhk.co/mipijotom/hjy7Fhi/xomitivagaxubozedojel.pdf
    • https://cdn.sqhk.co/sopiloroda/ifgcji2/mavivuvunino.pdf
    • https://cdn.sqhk.co/kelifevaz/hibxSge/13954597089.pdf
    • https://cdn.sqhk.co/tumitibira/ggo7icx/fallout_board_game_card_library.pdf
    • https://cdn.sqhk.co/xekemini/jIcgjlF/snapple_apple_facts.pdf
    • http://rijebipimaba.getenjoyment.net/91966550865.pdf
    • https://cdn.sqhk.co/talurelope/hzzjche/30985627541.pdf
    • https://cdn.sqhk.co/kugefiruxat/P1gjWgi/red_vs_blue_season_10_wiki.pdf
    • http://xomunuxeju.sportsontheweb.net/dusubukonezurusupavumi.pdf
    • https://cdn.sqhk.co/xajegakagiz/6KgfLi5/background_eraser_ipad_app.pdf
    • http://tuzogat.sportsontheweb.net/what_does_the_name_tanya_mean_in_indian.pdf
    • http://kixurox.getenjoyment.net/gawufibokutuxofed.pdf
    • http://kefijor.mygamesonline.org/menace_d_accouchement_prmatur_traitement.pdf
    • https://cdn.sqhk.co/badexejos/hbghghi/30789356026.pdf
    • https://cdn.sqhk.co/baruduwege/bkgigjh/national_championship_college_football_tickets_for_sale.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://www.daltonmaag.com/
    • https://uploads.strikinglycdn.com/files/654ba6bd-073b-421e-8cd5-42dca1fdea01/65174637612.pdf
    • https://uploads.strikinglycdn.com/files/f8979c0c-4861-446b-a4ed-2cd9b250b71e/kokevabivexibujaguwuwa.pdf
    • https://uploads.strikinglycdn.com/files/818f9512-3f4c-4b42-b329-8d2fc2464398/nevefabegujori.pdf
    • https://uploads.strikinglycdn.com/files/98d1ed4f-3854-4a0e-bf2d-1edb2f9b4137/dovevowided.pdf
    • https://uploads.strikinglycdn.com/files/6939b302-9f82-4787-ba36-bab04b7147cf/firefly_promo_code_2020.pdf
    • https://uploads.strikinglycdn.com/files/87cfd04c-3806-4595-9687-c68b2c6c1182/dadeneneg.pdf
    • https://uploads.strikinglycdn.com/files/44d1ccf3-dbf4-4a98-a8a0-6aaf04f8ac36/piwasefadowukotuduxix.pdf
    • https://uploads.strikinglycdn.com/files/c6357313-3c11-4eff-bc04-11f6c91a545a/zalaredovem.pdf
    • https://uploads.strikinglycdn.com/files/a25da3f2-ed9d-4e12-af35-68465272d7f6/nuwinimi.pdf
    • https://uploads.strikinglycdn.com/files/95e2110e-3b09-4219-9145-e4439a0ed3ef/kozatumoxisebopuxibi.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (3)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off00016517.bin
    SHA-256: 97a2163974e0ac7ee337f90612ccc474f536787b4331f6a46c7c18112630a7cf
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x16517
    Size: 5100 bytes
  • font_01_sfnt_off00017666.bin
    SHA-256: ad8550c723100241ca8f11fd34384d6355210b51798dc1ce27c3c00b4b39c429
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x17666
    Size: 11116 bytes
  • font_02_sfnt_off00019bf4.bin
    SHA-256: a542ec26cea93e049a2e27cd59b1347dd9bbdea13775fd7b822b3c2b3136116f
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x19BF4
    Size: 4324 bytes