Malicious PDF — malware analysis report

Static analysis result for SHA-256 c040a3f922ff74f9…

Verdict: MALICIOUS
File type: PDF
Size: 80.4 KB
Created: 2021-03-22 06:04:56 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c72da00aeef813aeba99dfd4ba63c7e1
SHA-1: 0e43cb86944d57e0093dd392e44f59f6b932369d
SHA-256: c040a3f922ff74f900cb07c715ebb7ce4d2c72533f21d4a1134c6aabf71fe6d9
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The file was flagged by the ML classifier and by ClamAV (signature Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0) as a phishing trojan. Its single external URL action points to zajinet.ru, likely a domain used to host phishing content or to hand off to further malware; the query string ('the things they carried quiz answers') gives away the lure theme even though the document body itself is heavily obfuscated. The creator string (wkhtmltopdf via Qt) shows the document was rendered from HTML, which is typical of mass-produced lure documents. Most of the other extracted URLs are further .pdf files on free or throwaway hosting (filesusr.com, strikinglycdn.com, rf.gd and assorted .space/.fun/.top domains), consistent with a chain of similar lure documents rather than a single payload, while the www.w3.org, purl.org, ns.adobe.com and scripts.sil.org entries are XMP namespace and font-licence URIs and are benign. The duplicate-object heuristic fired at info level only, so the redefined object did not carry active content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9993

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes, typically through an incremental update appended after an earlier %%EOF. A first-wins reader and a last-wins reader therefore resolve different content, a parser-confusion shape used by targeted PDFs to show one thing to a scanner and another to the viewer. Body-only differences are also common in benign incremental updates, so severity is raised only when the duplicate carries active content; here it stayed at info.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://zajinet.ru/wix?keyword=the+things+they+carried+quiz+answers (target of the external URL action reported by PDF_URI)
    • http://ziratonis.iblogger.org/20450665217.pdf
    • http://servicesforsupport.com/72035304072ppd8.pdf
    • http://top-agent.ru/vepubomerekih8in8.pdf
    • http://wordsideget.top/how_to_verify_a_cashiers_check_is_legitq4qlf.pdf
    • http://topstudy.fun/bangla_natok_website_list3xs9g.pdf
    • http://maturibcgj.space/ruzejutixurufowokesozoakapm.pdf
    • http://istlan.fun/microsoft_excel_tutorial_video_youtubeh21oi.pdf
    • http://tomogorman.com/online_writing_jobs_in_usa226lx.pdf
    • http://presente-top.store/minecraft_xbox_the_tree_of_lifemi5zf.pdf
    • http://antonioit.space/how_to_replace_broken_sliding_door_glassfbmgm.pdf
    • http://stakingyfi.com/how_to_write_a_descriptive_narrativephlju.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://bb491b24-4c81-4ccc-8daa-bf1baeb171c2.filesusr.com/ugd/93c935_aebef3ef7a5c43cea85533b6df058ab8.pdf?index=true
    • https://uploads.strikinglycdn.com/files/774adaba-a6e2-4ad0-a4f2-6eafdae511ff/69507897162.pdf
    • https://63d876aa-455f-4c41-9c38-50747f3e0b95.filesusr.com/ugd/a220d5_cf220832bffb4968be67bea15a12d243.pdf?index=true
    • http://mokisomalew.rf.gd/cute_baby_goat_images.pdf
    • https://uploads.strikinglycdn.com/files/149be839-738f-4a9d-975e-0038b95d1fb9/guxotifafimasonofix.pdf
    • https://uploads.strikinglycdn.com/files/f65c0db1-d3fb-4231-8fcd-4fd2d16738eb/68378551583.pdf
    • https://ab9101c8-a046-40a0-ba79-761bab9f3367.filesusr.com/ugd/61fb7c_44c6fc0a1e854c8d89e8edb37d0065fb.pdf?index=true
    • https://uploads.strikinglycdn.com/files/88680e3f-5936-45b8-8d52-c8eec95d5a4d/the_merchant_of_venice_perfume_arabesque.pdf
    • https://d71fc03c-aea6-48f7-a990-8afffb22108d.filesusr.com/ugd/3de8a6_6e30e2861eac44b79c8909e33f5f6baf.pdf?index=true
    • https://uploads.strikinglycdn.com/files/51277842-ff03-4fda-be4c-7b1d60b5aa4c/99264497903.pdf
    • https://ee60c613-3dd1-430d-b711-08e3dcbf0273.filesusr.com/ugd/19ce5d_a96e14fe8fe2474d9a6e0cf57888642e.pdf?index=true
    • http://bukepajusoka.rf.gd/download_oracle_java_se_jdk_8_for_linux.pdf
    • http://sadedegigagivaw.rf.gd/tujububufobogup.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
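The duplicate-object and URL-channel heuristics above, worked as an added example that is not the analysis tool's code: a constructed PDF whose incremental update redefines the page's Link annotation, so a first-wins reader resolves a plain /URI action while a last-wins reader resolves a JavaScript action, and URL extraction that tags each URL with the object type that reached it. The sample bytes, the example.org/example.net hostnames and the channel names are assumptions.

```python
"""Two checks from the heuristics above, run on a constructed sample PDF:
(1) an indirect object defined twice with differing bodies, resolving
differently for first-wins and last-wins readers, and (2) URL extraction
labelled by the channel that reaches each URL. Added example, not the
analysis tool's code; the sample, URLs and channel names are assumptions."""
import re
from collections import defaultdict

# Constructed sample: a tiny PDF whose incremental update (after the first
# %%EOF) redefines object 4, the page's Link annotation. A first-wins reader
# sees a plain /URI action; a last-wins reader sees a JavaScript action.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] /Contents 5 0 R >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example.org/benign) >> >> endobj
5 0 obj << /Length 48 >>
stream
BT (visit http://example.org/body-text) Tj ET
endstream
endobj
6 0 obj << /Type /Metadata /Subtype /XML /Length 64 >>
stream
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"/>
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
4 0 obj << /Type /Annot /Subtype /Link /A << /S /JavaScript /JS (app.launchURL("http://example.net/lure.pdf")) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
# Keys whose presence makes a duplicated object worth escalating.
ACTIVE_RE = re.compile(rb"/(JavaScript|JS|Launch|OpenAction|AA|URI|SubmitForm|GoToR|RichMedia)\b")
URL_RE = re.compile(rb"https?://[^\s<>\"'()\[\]]+")


def parse_objects(data):
    """Every 'N G obj ... endobj' definition in file order, including the
    redefinitions that incremental updates append after an earlier %%EOF."""
    return [(int(m.group(1)), int(m.group(2)), m.group(3).strip(), m.start())
            for m in OBJ_RE.finditer(data)]


def find_duplicate_objects(data):
    """Report (N, G) pairs defined more than once with different body bytes.
    Body-only differences are normal in incremental updates, so severity is
    'high' only when one of the differing bodies carries active content."""
    by_key = defaultdict(list)
    for num, gen, body, off in parse_objects(data):
        by_key[(num, gen)].append((off, body))
    findings = []
    for key, defs in by_key.items():
        bodies = [b for _, b in defs]
        if len(defs) > 1 and len(set(bodies)) > 1:
            findings.append({
                "obj": key,
                "count": len(defs),
                "first_wins": bodies[0],   # what a reader keeping the first copy resolves
                "last_wins": bodies[-1],   # what a reader keeping the last copy resolves
                "severity": "high" if any(ACTIVE_RE.search(b) for b in bodies) else "info",
            })
    return findings


def extract_urls(data):
    """Map each URL to the channels it was seen in. Channel is decided per
    object: XMP metadata, a JavaScript string, a Link annotation's /URI
    action, or (default) the document body such as a content stream."""
    channels = defaultdict(set)
    for num, gen, body, off in parse_objects(data):
        if b"/Type /Metadata" in body:
            chan = "xmp_metadata"
        elif b"/JS" in body or b"/JavaScript" in body:
            chan = "javascript"
        elif b"/Subtype /Link" in body and b"/URI" in body:
            chan = "link_annotation"
        else:
            chan = "document_body"
        for m in URL_RE.finditer(body):
            channels[m.group(0).decode("latin-1")].add(chan)
    return dict(channels)


if __name__ == "__main__":
    for f in find_duplicate_objects(SAMPLE_PDF):
        print(f"obj {f['obj']} defined {f['count']}x, severity {f['severity']}")
        print("  first-wins:", f["first_wins"].decode("latin-1"))
        print("  last-wins: ", f["last_wins"].decode("latin-1"))
    for url, chans in sorted(extract_urls(SAMPLE_PDF).items()):
        print(f"{url}  <- {', '.join(sorted(chans))}")
```

On the constructed sample the duplicate is escalated to high because the last-wins body carries /JS; on the report's sample the same heuristic stayed at info, which is the "body-only difference" case. The channel tagging is what turns a flat URL list like the one above into something actionable: a URL inside a /JS string or a /URI action is reachable by a click or a script, a URL inside XMP metadata is not.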

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000f96d.bin
  SHA-256: cab50c69407cfcdd582a4dd480d8ce6036ee94adafff0d60300e7f4a25a17e55
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xF96D
  Size: 5488 bytes

Filename: font_01_sfnt_off00010c34.bin
  SHA-256: 12d90bd3b2609828bb9568b260f81d75a4f21c4086bb65e590418c0b8012270b
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x10C34
  Size: 11884 bytes
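Carving font streams the way the artifact rows above were produced, as an added example that is not the analysis tool's code: the stream walker finds each stream dictionary, trusts the declared /Length only when 'endstream' really follows that many bytes (hostile PDFs routinely misstate it), inflates FlateDecode streams, keeps payloads that start with an sfnt magic, and hashes and names them in the same filename and row shape as the table. The sample PDF and its stand-in fonts are constructed, and the naming scheme and the choice of stream-data offset are assumptions about how the tool derives its fields.

```python
"""Carve embedded sfnt (TrueType/OpenType) font streams out of a PDF and
hash them, producing rows shaped like the artifact table above. Added
example run on a constructed PDF; not the analysis tool's code. The stream
walker deliberately distrusts /Length, which hostile PDFs often misstate."""
import hashlib
import re
import struct
import zlib

SFNT_MAGICS = (b"\x00\x01\x00\x00", b"OTTO", b"true", b"ttcf")
# A stream's dictionary, anchored on the preceding 'obj' keyword. The
# trailing '>>\s*stream' makes the non-greedy match skip nested << >>.
STREAM_HDR_RE = re.compile(rb"obj\s*<<(.*?)>>\s*stream\r?\n", re.S)
# Direct /Length only; '/Length 7 0 R' (indirect) is rejected by the lookahead.
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?![\d\s]*R)")


def minimal_sfnt(magic):
    """Constructed stand-in for a font file: an sfnt offset table declaring
    zero tables plus padding (64 bytes). Carries the magic, is not a usable font."""
    return magic + struct.pack(">HHHH", 0, 0, 0, 0) + b"\x00" * 52


# Constructed sample: one Flate-compressed TrueType stream whose declared
# /Length is wrong, one raw OpenType (OTTO) stream, and one non-font stream.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Length 9999 /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(minimal_sfnt(b"\x00\x01\x00\x00")) +
    b"\nendstream\nendobj\n"
    b"2 0 obj << /Length 64 >>\nstream\n"
    + minimal_sfnt(b"OTTO") +
    b"\nendstream\nendobj\n"
    b"3 0 obj << /Length 5 >>\nstream\nhello\nendstream\nendobj\n"
    b"%%EOF\n"
)


def iter_streams(data):
    """Yield (dict_bytes, data_offset, raw_bytes) for every stream. The declared
    /Length is used only if 'endstream' actually follows that many bytes;
    otherwise fall back to scanning for the keyword."""
    for m in STREAM_HDR_RE.finditer(data):
        dict_bytes, start = m.group(1), m.end()
        end = None
        lm = LENGTH_RE.search(dict_bytes)
        if lm:
            cand = start + int(lm.group(1))
            if re.match(rb"\s*endstream", data[cand:cand + 16]):
                end = cand
        if end is None:
            end = data.find(b"endstream", start)
            if end < 0:
                continue
            # Drop the single EOL that precedes the keyword in the fallback case.
            if data[end - 2:end] == b"\r\n":
                end -= 2
            elif data[end - 1:end] in (b"\n", b"\r"):
                end -= 1
        yield dict_bytes, start, data[start:end]


def decode_stream(dict_bytes, raw):
    """Undo FlateDecode when declared; other filters are left as-is."""
    if b"/FlateDecode" not in dict_bytes:
        return raw
    try:
        return zlib.decompress(raw)
    except zlib.error:
        # Truncated or corrupted trailer: recover whatever inflates cleanly.
        try:
            return zlib.decompressobj().decompress(raw)
        except zlib.error:
            return b""


def carve_fonts(data):
    """Return one row per embedded sfnt font, keyed like the artifact table."""
    rows = []
    for dict_bytes, off, raw in iter_streams(data):
        payload = decode_stream(dict_bytes, raw)
        if not payload.startswith(SFNT_MAGICS):
            continue
        rows.append({
            "filename": f"font_{len(rows):02d}_sfnt_off{off:08x}.bin",
            "sha256": hashlib.sha256(payload).hexdigest(),
            "kind": "pdf-font-stream",
            "source": f"PDF embedded font (sfnt) at offset 0x{off:X}",
            "size": len(payload),
            "offset": off,
            "data": payload,
        })
    return rows


if __name__ == "__main__":
    for row in carve_fonts(SAMPLE_PDF):
        print(row["filename"], row["sha256"], row["kind"], row["source"], row["size"], "bytes")
```

The sizes reported are of the decoded payload, not of the bytes on disk. That is also what the table above shows: 0xF96D plus 5488 bytes runs past 0x10C34, the offset of the second font, so the first font must have been stored compressed and 5488 is its inflated size. Hashing the decoded font is what makes the SHA-256 comparable across samples that embed the same font with different compression settings.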