Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Macro/content-enable lure medium SE_ENABLE_LURE
  Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://fokemale.ru/strik?utm_term=data+analysis+macro+excel

  • http://zutatowatipo.mywebcommunity.org/jujiwigezib.pdf
  • http://cetop.xyz/37671447315uizsd.pdf
  • http://opensalle.xyz/number_theory_course_syllabusvnwv5.pdf
  • http://centerverifybadge.com/the_little_prince_antoine_de_saint_exupery_charactersdcfv3.pdf
  • https://cdn-cms.f-static.net/uploads/4462075/normal_600e921109ae2.pdf
  • https://cdn-cms.f-static.net/uploads/4475215/normal_6038d772e3ab3.pdf
  • http://socialwave.me/pukazaxilenebibeb1w.pdf
  • http://bapadama.medianewsonline.com/computer_programming_books_download.pdf
  • http://opendouche.xyz/xepadubawufixinep6abqx.pdf
  • http://vaxiliwu.medianewsonline.com/never_not_a_lovely_moon_book.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://07bd7893-a6ec-44d5-90fe-c719e602c0bd.filesusr.com/ugd/aafaff_b4616dd7518843ff869d6d8a508a7f1f.pdf?index=true
  • https://s3.amazonaws.com/neviwove/18410236363.pdf
  • https://b9e1b105-38e0-4bbf-baad-90de1e2021e1.filesusr.com/ugd/432b07_02b850bcae014b88af021a16a71026a6.pdf?index=true
  • https://uploads.strikinglycdn.com/files/0c99a324-fad0-41dc-bfcf-141f22c8345a/betuwivokojed.pdf
  • https://s3.amazonaws.com/tolivajupeku/zemebarinejix.pdf
  • https://413f70bc-0247-4a04-a3fc-eabb14e2b93f.filesusr.com/ugd/f18ee6_c2939ffdc0b44304a80962e1e4ebbcc3.pdf?index=true
  • https://uploads.strikinglycdn.com/files/d54961df-c8ea-4960-aedb-ef788e91b645/28136788998.pdf
  • https://d38713d8-f9e0-49bf-8e72-3f46774ce551.filesusr.com/ugd/b3faf5_32ac8ef500a84abc89cae98bcf7cf3e7.pdf?index=true
  • https://uploads.strikinglycdn.com/files/78fdf3e1-a201-456d-890c-eedb407df840/rezutafotegovubizat.pdf
  • https://6e00f30c-c2f4-4f8b-b3fa-04142e93d3a6.filesusr.com/ugd/7b3c9f_39ba203d7fcf43a2b596d5c590f80d7c.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.