Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://midufefew.ru/wix?keyword=conflict+in+the+most+dangerous+game+worksheet

  • https://cdn-cms.f-static.net/uploads/4497369/normal_60419d6fea4ee.pdf
  • https://cdn-cms.f-static.net/uploads/4371025/normal_602a10e05087a.pdf
  • https://static.s123-cdn-static.com/uploads/4415322/normal_5fc9a86d9eab5.pdf
  • https://cdn-cms.f-static.net/uploads/4475559/normal_602753b40ecb7.pdf
  • https://cdn-cms.f-static.net/uploads/4490128/normal_604159040367a.pdf
  • https://static.s123-cdn-static.com/uploads/4369768/normal_60085cf4528ea.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/521f5b61-fa7d-4a72-8c6d-0dfbff64b6a9/taco_bell_chicken_power_bowl_nutrition_info.pdf
  • https://uploads.strikinglycdn.com/files/ffae3bb2-c5a3-4777-af18-9cb9cb546142/95855931608.pdf
  • https://uploads.strikinglycdn.com/files/58510dcd-a50d-4c56-af05-39652b227268/personality_plus_book_in_hindi_free_download.pdf
  • https://uploads.strikinglycdn.com/files/b7550e48-7d28-4224-ac3d-3bc50904b80c/gopasafelop.pdf
  • https://s3.amazonaws.com/xamapebonijos/37199623113.pdf
  • https://uploads.strikinglycdn.com/files/a7b60abc-c8fa-49c6-b9bb-2c7688cf63ac/how_do_i_reset_my_epson_waste_ink_pad.pdf
  • https://uploads.strikinglycdn.com/files/50320f7b-a9e4-45c0-bca4-cce70b349808/numapejaziguvuvup.pdf
  • https://s3.amazonaws.com/xukonakefules/affinity_designer_size.pdf
  • https://s3.amazonaws.com/betefowubevat/lying_and_stealing_parents_guide.pdf
  • https://uploads.strikinglycdn.com/files/565f49b0-47d2-4a66-b3ff-10689adf1385/fx_a_christmas_carol_cast_imdb.pdf
  • https://s3.amazonaws.com/dowesitobuga/51114539083.pdf
  • https://uploads.strikinglycdn.com/files/51629fa2-0f1f-4d11-9bc5-4592e1aeb8fe/sunuzutoji.pdf
  • https://s3.amazonaws.com/nodetuxapabara/amway_atmosphere_drive.pdf
  • https://s3.amazonaws.com/bajapovogam/kindergarten_worksheets_letter_l.pdf
  • https://s3.amazonaws.com/bipepezuwed/81681971147.pdf
  • https://s3.amazonaws.com/fibesezati/news_report_today_video.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.