Malicious PDF — malware analysis report

Static analysis result for SHA-256 c99669618973dca4…

Verdict: MALICIOUS
File type: PDF
Size: 76.9 KB
Created: 2021-03-07 14:15:20 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 7fe67763107e475ea9d7326b58f03e35
SHA-1: 7ad10149afb79c20b094387dbac41cc91ba3c552
SHA-256: c99669618973dca4f11e6f7453f170f2c9272d9bc1553c77fd6f1c2ae8ecf25f
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains an embedded URL that redirects to a suspicious domain, identified by ClamAV as Pdf.Phishing.Trojan. The ML classifier also flagged this PDF with high confidence. The document body, though heavily obfuscated, contains text that appears to be a lure related to 'the living bible app for android', directing the user to the malicious URL.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • URL: https://pelibifir.ru/strik?utm_term=the+living+bible+app+for+android

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000efe3.bin
    SHA-256: f21ceb00174ed9b4365eecf867b0a0effd8da2fc56dbda5ed491cc0af16c5b1f
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xEFE3
    Size: 5276 bytes
  • Filename: font_01_sfnt_off000101d5.bin
    SHA-256: e8edcd8ee320d8cdb030736dfe77ea2e473669787c972de4620d53066fea7e93
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x101D5
    Size: 10796 bytes