Malicious PDF — malware analysis report

Static analysis result for SHA-256 c2757bc25c19d5c5…

Verdict: MALICIOUS
File type: PDF
Size: 76.5 KB
Created: 2021-03-30 00:12:02 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 9bd1ca09f7ab2ba596fea03298763241
SHA-1: d33cb12ebc025fff5c27dee9e43cb27a28bb0436
SHA-256: c2757bc25c19d5c5504680b2611fdca4deb22a23d0a2629146e74febad1f3c03
Risk score: 116

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

This PDF was flagged as malicious by both the Nyx machine-learning classifier (score 0.9991) and ClamAV, whose signature name (Pdf.Phishing.Trojan-…) points to a phishing lure rather than an exploit document. The SE_CALLBACK_LURE heuristic indicates that the document asks the reader to call a phone number in a billing, refund, subscription, fraud or security context, the pattern used by callback phishing and tech-support scams. No JavaScript or other active content was extracted, so the T1059.007 mapping is not backed by a recovered script; the only carved artifacts are two embedded fonts. The file was rendered from HTML with wkhtmltopdf rather than authored in a desktop application. The extracted URLs include a .ru domain with a keyword-stuffed query string and a long list of CDN-hosted PDFs (s3.amazonaws.com, cdn-cms.f-static.net, cdn.sqhk.co, static.s123-cdn-static.com, uploads.strikinglycdn.com) typical of SEO-spam link farms, alongside XMP namespace and font-licence URIs (w3.org, purl.org, ns.adobe.com, scripts.sil.org, ascendercorp.com) that are metadata, not lures, and should be disregarded when triaging. The object redefined with a different body (PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) is rated info only; if a first-wins and a last-wins parser disagree on the rendered content, the resolved bodies should be compared by hand.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (5)

  • ClamAV detection (critical) CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Callback phishing phone lure (medium) SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context, consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.
  • External URI (info) PDF_URI
    PDF contains an external URL action.
  • Object number defined twice with different bodies (info) PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://botokaw.ru/wix?keyword=timony+grammar+school+overdose
    • https://static.s123-cdn-static.com/uploads/4475197/normal_60096cd13a053.pdf
    • https://cdn.sqhk.co/wabajevebe/d8ggTKP/california_dreamin_sia_piano_sheet_music.pdf
    • https://cdn-cms.f-static.net/uploads/4373768/normal_602ea14a9f570.pdf
    • https://cdn-cms.f-static.net/uploads/4484154/normal_602282d788b99.pdf
    • https://cdn-cms.f-static.net/uploads/4501794/normal_6049348c253f0.pdf
    • https://cdn-cms.f-static.net/uploads/4424683/normal_602d5efb29b64.pdf
    • https://cdn.sqhk.co/guxifunuris/dgchdCf/batulaj.pdf
    • https://cdn-cms.f-static.net/uploads/4379500/normal_602991b78404f.pdf
    • https://cdn.sqhk.co/sewitakin/Ahgshgf/96722196478.pdf
    • https://cdn.sqhk.co/zajujinul/ihBijuk/free_wallpapers_for_android.pdf
    • https://static.s123-cdn-static.com/uploads/4426966/normal_5fdda0168d473.pdf
    • https://cdn-cms.f-static.net/uploads/4446400/normal_604a2d8a172bd.pdf
    • https://cdn.sqhk.co/fowipovoji/jijalgh/lewazagade.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://s3.amazonaws.com/wuzalugiseto/angularjs_directive_pass_parameter_to_template.pdf
    • https://s3.amazonaws.com/gurowozenupifi/the_death_cure_book_summary.pdf
    • https://s3.amazonaws.com/geraromu/dusamaxaj.pdf
    • https://s3.amazonaws.com/juwofuxufijup/48943650476.pdf
    • https://s3.amazonaws.com/vebisop/avatar_maker_profile_creator_apk.pdf
    • https://s3.amazonaws.com/vaxebisapesi/what_plants_do_brittle_stars_eat.pdf
    • https://s3.amazonaws.com/jusuberu/gifafape.pdf
    • https://s3.amazonaws.com/jarirotexab/loreal_face_sheet_mask.pdf
    • https://uploads.strikinglycdn.com/files/ccd9d560-ce29-479f-81f8-8fe8da3de2ed/how_to_use_nesco_american_harvest_food_dehydrator.pdf
    • https://s3.amazonaws.com/nitizobuv/mitosis_worksheet_answers_sw_science_10.pdf
    • https://uploads.strikinglycdn.com/files/cb01a7a5-5bff-46e5-8f79-5ebb2e8fdfd2/bissell_powerclean_powerbrush_pet_carpet_cleaner.pdf
    • https://s3.amazonaws.com/vibasujefir/fomubamuleginigedoxovisa.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
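The PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL heuristics above both come down to walking the file's indirect objects. The following Python scanner is an added example written for this report, not code from the analysis service: it finds every "N G obj ... endobj" definition, reports objects redefined with different bytes (raising severity only when the later body carries active content, as the heuristic describes), shows what a first-wins versus a last-wins reader would resolve for that object, and pulls out /URI action strings. The embedded PDF, the severity labels and the list of "active" keys are this example's own assumptions; the sample is a constructed two-revision file, not the analysed document, and the scanner ignores compressed object streams and hex-encoded /URI strings.

```python
import re

# Constructed sample (not the analysed file): a minimal PDF whose original
# body defines a link annotation as object 4 0, followed by an incremental
# update that redefines 4 0 with an added external /URI action.  The xref
# tables are omitted on purpose: the scanner walks the raw bytes, as a
# last-wins reader effectively does, instead of trusting offsets.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [0 0 100 20]
   /A << /S /URI /URI (https://example.invalid/billing-callback) >> >>
endobj
trailer
<< /Root 1 0 R /Prev 0 >>
%%EOF
"""

# "N G obj ... endobj" at top level; the lookbehind stops "10 0 obj" from
# also matching as "0 0 obj".  Objects inside compressed object streams
# (/ObjStm) would need inflating first; this scanner only sees plain ones.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# Literal-string form of /URI only; the hex-string form <...> is not handled.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# Keys whose presence means the body does something rather than just draws
# (assumed list for this example).
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/URI",
               b"/OpenAction", b"/AA", b"/SubmitForm", b"/GoToR")


def iter_objects(data: bytes):
    """Yield ((num, gen), body, offset) for every indirect object, in file order."""
    for m in OBJ_RE.finditer(data):
        yield (int(m.group(1)), int(m.group(2))), m.group(3).strip(), m.start()


def find_duplicate_objects(data: bytes):
    """Report objects defined more than once with different body bytes."""
    first = {}
    findings = []
    for key, body, off in iter_objects(data):
        if key not in first:
            first[key] = (body, off)
            continue
        first_body, first_off = first[key]
        if body == first_body:
            continue  # byte-identical redefinition: nothing to confuse a parser
        active = any(k in body for k in ACTIVE_KEYS)
        findings.append({
            "obj": key,
            "first_offset": first_off,
            "dup_offset": off,
            "dup_has_active_content": active,
            # severity levels are this example's assumption
            "severity": "medium" if active else "info",
        })
    return findings


def resolve(data: bytes, key, policy: str = "last"):
    """Return the body a first-wins or last-wins reader would use for key."""
    bodies = [body for k, body, _ in iter_objects(data) if k == key]
    if not bodies:
        return None
    return bodies[0] if policy == "first" else bodies[-1]


def extract_uris(data: bytes):
    """Return (object, url) pairs for every /URI action string in the file."""
    out = []
    for key, body, _ in iter_objects(data):
        for m in URI_RE.finditer(body):
            out.append((key, m.group(1).decode("latin-1")))
    return out


if __name__ == "__main__":
    for f in find_duplicate_objects(SAMPLE_PDF):
        print(f"{f['obj'][0]} {f['obj'][1]} obj redefined at 0x{f['dup_offset']:x} "
              f"(first at 0x{f['first_offset']:x}), "
              f"active={f['dup_has_active_content']}, severity={f['severity']}")
    print("first-wins body:", resolve(SAMPLE_PDF, (4, 0), "first"))
    print("last-wins body: ", resolve(SAMPLE_PDF, (4, 0), "last"))
    for obj, url in extract_uris(SAMPLE_PDF):
        print(f"URI in {obj[0]} {obj[1]} obj: {url}")
```

On the constructed sample the first-wins body is a plain link annotation and the last-wins body carries the /URI action, which is exactly the disagreement the heuristic warns about; on a real file, run the same comparison against whatever object the heuristic names before deciding the duplicate is a benign save-in-place.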

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off0000eae7.bin
    SHA-256: 635a130ea8fe5ee1c4c58cf87a51214ce879ab212deca5a169378b8b1b36241e
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xEAE7
    Size: 5464 bytes
  • font_01_sfnt_off0000fd5d.bin
    SHA-256: f132e56623e320954bcc62047d3898b00855f7ed800a3aa659ab64537158f0fc
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xFD5D
    Size: 11420 bytes