Malicious PDF — malware analysis report

Static analysis result for SHA-256 acd65df926edb666…

Verdict: MALICIOUS
File type: PDF
Size: 73.9 KB
Created: 2021-03-19 23:28:05 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: a3c4689c608dd64aeec4ef7157f1f7e6
SHA-1: 7711e2e42710f19da4b95d9223f518cfa384a633
SHA-256: acd65df926edb666dd022e815a52f93c174ec1bbe096ea2491a51fb3921ebb40
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains an embedded URL that directs users to a suspicious domain, likely for phishing or malware distribution. The ML classifier and ClamAV detection strongly indicate malicious intent, classifying it as a phishing trojan. The document body, though heavily obfuscated, appears to be a lure related to an 'award'.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://ponafet.ru/award?keyword=adverb+clause+of+purpose+pdf
    • https://cdn-cms.f-static.net/uploads/4405946/normal_5fe748f951195.pdf
    • https://cdn-cms.f-static.net/uploads/4489835/normal_603ab26ba6ab6.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/73b78a22-625e-4218-a94d-2b98be16203b/what_is_mba_in_operations.pdf
    • https://uploads.strikinglycdn.com/files/14a8e5ed-55eb-4cbe-a82c-5650112ffec9/what_major_events_occurred_in_1900.pdf
    • https://uploads.strikinglycdn.com/files/d13e9436-2caa-4321-8fcc-eb61f3fb3acc/kyocera_duraxtp_e4281_manual.pdf
    • https://uploads.strikinglycdn.com/files/7acf8444-27e2-43ec-acb4-61ad8bc48504/how_to_tell_if_turntable_needle_is_worn.pdf
    • https://uploads.strikinglycdn.com/files/8cf2b1c3-a568-471b-a76e-e3d80d6b0fc9/tenotatubo.pdf
    • https://uploads.strikinglycdn.com/files/7dc87229-488f-4bed-a78e-6238335c2265/xerogalaxufe.pdf
    • https://uploads.strikinglycdn.com/files/4bca345c-8541-4cf8-b199-1734f9350d9f/xoziwu.pdf
    • https://uploads.strikinglycdn.com/files/ed12578f-6109-40af-932e-6d73814df414/planescape_campaign_setting_5e.pdf
    • https://uploads.strikinglycdn.com/files/bcf6e5ef-8bc2-453f-8289-fc0d5ef07ad2/undoing_project_review.pdf
    • https://uploads.strikinglycdn.com/files/5f81d938-d3fd-4829-b6d1-31d36500afbb/coleman_lantern_battery_guard.pdf
    • http://nibevelasixov.epizy.com/forexexamujewaxusorutoli.pdf
    • https://uploads.strikinglycdn.com/files/68bc63fc-329f-49c8-9fa3-136384c6c517/ma_new_driving_license_rules_2019.pdf
    • https://uploads.strikinglycdn.com/files/66c763f3-57f7-4f16-b960-69f9f230bed7/fenelo.pdf
    • https://uploads.strikinglycdn.com/files/62fef531-1fd2-4376-b556-e1095414541d/muger.pdf
    • http://vilobeve.rf.gd/11855997873.pdf
    • https://uploads.strikinglycdn.com/files/95d7d66e-aab3-4e63-bde2-306d8b1b130f/technivorm_moccamaster_kbt_coffee_brewer_40_oz.pdf
    • http://sogisujomixugo.epizy.com/nitofik.pdf
    • https://uploads.strikinglycdn.com/files/3fc1e145-500f-4b34-b8d4-20ce28e3c8c9/2007_club_car_precedent_parts_manual.pdf
    • http://mupegutiwigo.epizy.com/gomirotusudidugexeke.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000e5b3.bin
  SHA-256: 50af0f2da5c70a906610bd9ce72c5379dc3d2c45d06f3dc5c4eed6c377630b44
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xE5B3
  Size: 5340 bytes

Filename: font_01_sfnt_off0000f7ee.bin
  SHA-256: 6ba74c4e1a55f8929f3c25a9cb56af608394efd9946d22b6f7edd984df31b2e3
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xF7EE
  Size: 10116 bytes