Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://soxebez.ru/award?keyword=robotics+engineering+books+pdf+download

  • https://cdn.sqhk.co/kimefutif/6hf25Z6/mind_games_during_pregnancy.pdf
  • https://cdn.sqhk.co/pikikunifav/cIhdC8Q/58552115748.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://fedorahosted.org/lohit
  • https://uploads.strikinglycdn.com/files/9713c755-7638-402e-b289-ee21c77b2a90/92848156090.pdf
  • https://s3.amazonaws.com/bulozor/xukexajufitevatu.pdf
  • https://uploads.strikinglycdn.com/files/783665a7-b53e-4a18-acc1-48611e5c3ebd/2004_chrysler_pacifica_battery_drain.pdf
  • https://uploads.strikinglycdn.com/files/6658bae1-30de-4845-9590-34d3f1d52076/52282813885.pdf
  • https://uploads.strikinglycdn.com/files/66940e74-5702-4ffe-8ba7-f92749b6a0b9/calibrate_samsung_uhd_tv_6_series.pdf
  • https://uploads.strikinglycdn.com/files/7f2a0cba-ecea-470a-8020-c480f414ac10/does_misa_die_at_the_end_of_death_note.pdf
  • https://uploads.strikinglycdn.com/files/9faa94af-2f04-4d55-9990-b8c93177bd20/8552910232.pdf
  • https://uploads.strikinglycdn.com/files/43d3e1a0-d2b1-45ed-9ea9-9638b7dba02b/huck_finn_jim_quotes_about_freedom.pdf
  • https://s3.amazonaws.com/bezutu/you_can_negotiate_anything_book_free_download.pdf
  • https://uploads.strikinglycdn.com/files/3bb66a04-1e25-49bd-9d26-38ac21e0599e/faxaledupaguresulel.pdf
  • https://s3.amazonaws.com/labitajaxatufib/believer_flute_sheet_music_imagine_dragons.pdf
  • https://uploads.strikinglycdn.com/files/f4984bd9-5532-4491-9d6b-e0b994bb1695/is_the_southern_reach_trilogy_worth_reading.pdf
  • https://uploads.strikinglycdn.com/files/ca4a3f3f-5601-44dd-941d-be909c0ac821/92369314017.pdf
  • https://uploads.strikinglycdn.com/files/e1c4388d-317e-48a1-b151-4e7bc764f7e5/30700316688.pdf
  • https://uploads.strikinglycdn.com/files/e18549d2-6a36-42d9-b95d-24ffd8a059c8/19707141039.pdf
  • https://uploads.strikinglycdn.com/files/2d85eb27-2390-4776-962f-a1c75b059044/business_analytics_internship_summer_2021.pdf
  • https://s3.amazonaws.com/gixawetopoli/consumer_reports_10_best_cars_2019.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.