Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://druttle.ru/wix?keyword=parkersburg+police+department+hiring

  • https://cdn-cms.f-static.net/uploads/4479925/normal_60586a44771d2.pdf
  • https://static.s123-cdn-static.com/uploads/4409236/normal_6007eb1c43fc1.pdf
  • https://cdn-cms.f-static.net/uploads/4416939/normal_603210172adbd.pdf
  • http://swiss-family.space/nibotidajxuafn.pdf
  • https://static.s123-cdn-static.com/uploads/4475738/normal_5fdde6c092d42.pdf
  • https://static.s123-cdn-static.com/uploads/4402737/normal_6005ff49d5a3f.pdf
  • https://static.s123-cdn-static.com/uploads/4405459/normal_5fc5e345affbe.pdf
  • https://cdn.sqhk.co/dusaradezat/jcCmhfc/crypto_mining_bot_telegram.pdf
  • https://cdn-cms.f-static.net/uploads/4445119/normal_600dc7d8403ee.pdf
  • https://cdn.sqhk.co/gewewoturila/eCEpYMG/mateziwelefilune.pdf
  • https://cdn-cms.f-static.net/uploads/4456676/normal_6018408536fb6.pdf
  • https://cdn-cms.f-static.net/uploads/4489980/normal_603c14b13abb2.pdf
  • http://itsnat.space/64846860620kwp4x.pdf
  • http://oneplusonemain.xyz/pipe_fishmouth_templateapnvw.pdf
  • https://cdn-cms.f-static.net/uploads/4481527/normal_6041adba77228.pdf
  • https://cdn.sqhk.co/vofonowul/fx7jcgj/33179778513.pdf
  • http://good-production11.site/canon_eos_rebel_xsi_user_manualvsy42.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/xoxaneral/99810526221.pdf
  • https://uploads.strikinglycdn.com/files/bc283281-27e3-43d8-8203-f6f397eee8dd/88880940581.pdf
  • https://s3.amazonaws.com/zaxefemebidaz/haunted_house_waiver_form_mckamey_manor.pdf
  • https://uploads.strikinglycdn.com/files/55617fdc-3b53-42e8-84f7-0491b160b3ec/35058959215.pdf
  • https://uploads.strikinglycdn.com/files/a6ad8df6-4353-485f-8f87-4fa2b3a33a6d/kenmore_elite_refrigerator_french_door_spring.pdf
  • https://uploads.strikinglycdn.com/files/9171472c-84a7-482c-8421-5d6e134eb51c/sex_and_the_city_3_date_de_sortie.pdf
  • https://s3.amazonaws.com/wajibile/929266382.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.