Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://midufefew.ru/strik?utm_term=mechanical+engineering+colleges+in+houston+texas

  • http://megantv.site/curso_de_inteligencia_emocional_escola_conquer_gratuitoan6iq.pdf
  • http://parhelifrl.space/fijizakilhmlv.pdf
  • http://libotopatolar.iblogger.org/ielts_writing_task_1_questions.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/a2cdd7ba-a122-4eaf-8afa-f1f61a3aadc4/moxijutofuzenije.pdf
  • https://uploads.strikinglycdn.com/files/fef2198b-21df-4c8a-a945-f71101d14f86/what_does_a_software_developer_do_uk.pdf
  • http://romudiforexove.epizy.com/french_ir_verb_conjugation_chart.pdf
  • https://32cf4326-ba62-484c-a3ca-05d02c2dd2e5.filesusr.com/ugd/0b46e6_4476f8d035d04bac8bc89f8f3ffe730f.pdf?index=true
  • https://s3.amazonaws.com/wobuzisibal/most_reliable_double_wall_oven_brands.pdf
  • https://s3.amazonaws.com/bulalowisu/boxelaniwisevoregaxa.pdf
  • https://0a01f052-6ee6-4bfa-868d-d2e49373b03f.filesusr.com/ugd/55f640_279e9659c0ba4cf6a7a9b3ad820edadf.pdf?index=true
  • https://78905da9-dd21-4190-abaa-c894c042e703.filesusr.com/ugd/851c7c_8f7d47b8e273464592e9edc0e58abb17.pdf?index=true
  • https://87164119-88a6-4d6d-a72f-b109cf2d88b9.filesusr.com/ugd/bd0a66_a4c7604a40fa4ae9a37babf9c12efbbc.pdf?index=true
  • https://fb413987-6e77-4bf1-aaa6-e97eb550fbee.filesusr.com/ugd/108936_5db97dd157ca406fa9d24c6f753d77ee.pdf?index=true
  • https://uploads.strikinglycdn.com/files/a8937143-1a26-448a-baf3-49de6be1a7bb/laxakerenidadolivavuvavex.pdf
  • https://uploads.strikinglycdn.com/files/ef7a86e8-5d0c-4abe-a1e4-a02746f0e246/25098136614.pdf
  • https://1ec9b6e7-17eb-4e1e-a994-ba5ce4cbdb7c.filesusr.com/ugd/d4a9d6_fc1c536715d34d7784402ea265379c10.pdf?index=true
  • https://s3.amazonaws.com/jemisajoda/luxasozaxipipobu.pdf
  • https://7c3dd69e-6649-485e-b385-36acc2971cd6.filesusr.com/ugd/cf9ff1_490355aa5813499eb84887a239eda478.pdf?index=true
  • http://sexililelaweru.rf.gd/waxaziboloseg.pdf
  • https://s3.amazonaws.com/nuvukivaxiren/chain_reaction_game.pdf
  • https://19a39513-20cc-49d1-a75c-e30ce0314142.filesusr.com/ugd/f99735_f3558a155d8c4b8b81628134f962ae3d.pdf?index=true
  • https://s3.amazonaws.com/vedexajawo/best_photo_editor_app_uptodown.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.