Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Embedded JS stream low PDF_JS
  PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://pelibifir.ru/wix?keyword=was+and+were+worksheet+for+grade+1

  • https://cdn.sqhk.co/nuroteditu/ghGhhED/48098458378.pdf
  • https://cdn.sqhk.co/bubuzibiv/DCZggoc/free_gems_brawl_stars_2020.pdf
  • https://cdn-cms.f-static.net/uploads/4499656/normal_602b4ac298366.pdf
  • https://cdn-cms.f-static.net/uploads/4450353/normal_603d039a4a51a.pdf
  • http://apelsins.space/42905470859r3u5m.pdf
  • http://5coupons.info/how_much_does_it_cost_to_repair_a_refrigerator_ice_makerqfk4w.pdf
  • http://baby-slings.ru/class_12th_sociology_notesoyekr.pdf
  • https://cdn.sqhk.co/xivovido/bifjcpq/block_strike_hack_2020_download.pdf
  • https://cdn-cms.f-static.net/uploads/4388627/normal_600a7a76e19bb.pdf
  • http://tadosuzewamu.medianewsonline.com/can_you_whitewash_with_chalk_paint.pdf
  • https://cdn.sqhk.co/dopiporajen/c3KBkjf/duwetamejalelipu.pdf
  • http://cosmosqrab.online/how_long_to_cook_a_pork_roast_in_a_pressure_cookerj0o0d.pdf
  • https://static.s123-cdn-static.com/uploads/4413007/normal_5ffa017bb0dc8.pdf
  • http://fovikoxesaweziz.medianewsonline.com/blue_book_of_grammar_free.pdf
  • https://cdn-cms.f-static.net/uploads/4503387/normal_600ca14bdbdba.pdf
  • https://static.s123-cdn-static.com/uploads/4372073/normal_5ff78ab99f7f8.pdf
  • https://cdn-cms.f-static.net/uploads/4377095/normal_6019118bb55f2.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://wudazebej.atwebpages.com/how_to_increase_pressure_on_breville_espresso.pdf
  • https://ba10d46a-d7c1-43af-8542-f1a50f31aa8a.filesusr.com/ugd/4dded2_a2a242566f5b4acc9d84451757f5ea54.pdf?index=true
  • https://d90bda3b-35dd-409f-9d4b-b4a00d881a52.filesusr.com/ugd/b88e3d_1ec61dda3a084cce9fb21db5353cbf54.pdf?index=true
  • http://vimixof.onlinewebshop.net/mipunudajiropusorawiwuba.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.