Malicious PDF — malware analysis report

Static analysis result for SHA-256 b97f8085ba5a8620…

MALICIOUS

PDF

Size: 81.7 KB
Created: 2021-03-19 05:22:02 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: e8d297052154a0d4eae0e395cfea1eef
SHA-1: e981091e8e15091580c0fc6fb668a15a258cef74
SHA-256: b97f8085ba5a862090bf36111b592073acf8d43bd7fcf62198c666c60b538de0
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains an embedded URL that directs users to a website disguised as a search result. This is a common phishing tactic to trick users into visiting malicious sites. The ML classifier and ClamAV detection strongly indicate malicious intent, likely for phishing or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://seumenha.ru/wix?keyword=sadlier+connect+unit+1+synonyms+answers

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                     Size
font_00_sfnt_off0000f94d.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xF94D  5436 bytes
  SHA-256: f91146fbf9c44c397a4086813c7678f9505bd6b798989ce40be0a8226d59434d
font_01_sfnt_off00010bc0.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x10BC0  1812 bytes
  SHA-256: e2f5d3ef3d159c4618a897938a4514967e3e9e15e90b00f9078329914e8d563d
font_02_sfnt_off0001149d.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x1149D  10604 bytes
  SHA-256: d80d6325812860d752531170b73e0e30bf4923d10795ad554f50765b8fa09908