Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ponafet.ru/strik?utm_term=fundamentals+of+differential+equations+8th+edition+solutions+slader PDF link annotation

  • https://cdn-cms.f-static.net/uploads/4413468/normal_6052b4911bb94.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4449777/normal_600e0ea5e8a87.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4455396/normal_603980a3809c4.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4389108/normal_605611189cf01.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4488141/normal_601e64aeb2e6d.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4419206/normal_5fdd3e8e1c666.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4447086/normal_60399c66a7b99.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4407060/normal_602c977252afa.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4488855/normal_6058aed596ba4.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/a668b3c6-72f5-49e3-a6ae-33f06334dbd0/unitypoint_clinic_family_medicine_east_des_moines.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e68c0e25-acda-485d-8421-87704c593982/academic_writing_for_graduate_students_answer_key.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/6d8a6eaf-0a35-4cfa-8c0d-ecf4221dadb4/88090604406.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e996cb5a-7498-4df3-b800-b96fdc12a106/an_inspector_calls_bbc_2015_watch_online.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b30ee88c-1028-4bee-88c2-8e7431eb0d13/91361564173.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5ecf322c-9e49-4fea-bb03-ad5d25242322/python_dictionary_update_or_append.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/35a6d48b-31d0-4cfa-b61e-deaea5dbaf56/good_feats_for_druids_pathfinder.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e14a8c0b-af5b-4363-9f23-fe804eced507/gerutobavigig.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/cec1d063-42ad-478a-817b-ea83caca6b0d/batikajijuruxamijoka.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.