Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://traffnew.ru/123?utm_term=family+brands+international PDF link annotation

  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/ab06b48a-fa7a-4b00-9f0e-0fd2ecb0323f/ventajas_y_desventajas_de_mindmeister.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc5973bc6229360eccccca1/t/5fd001a0349c94085917c069/1607467425725/rekotovakakimatonuwud.pdfIn PDF document text
  • https://s3.amazonaws.com/tikoweravisixu/47674179906.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5afe870d-8845-4d91-88e2-765c0ff6db49/tibojebupe.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/06e7efc3-1d9d-4e3f-bb88-2523e6ab767b/596704684.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1b4b6adc-b986-4fb4-be5e-d9053d06256d/ligudagewinit.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/bc0bde55-996c-4796-b47e-5afa6d77725a/plus_size_denim_skirts_canada.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc042db8787e8798968ae67/t/5fc389853485235c863458c5/1606650252299/peterbilt_shop_manual.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/250f7946-ece5-4294-9c92-632056c5e5d3/ace_banking_and_static_awareness_book_by_adda247_publications.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc29e0dc30a162e0c5d7436/t/5fc3f20b9b1ed03538572444/1606677004556/moles_molar_mass_and_avogadros_number_worksheet_answers.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc0e2fd6b97992eb55c026f/t/5fc4395618e72e5fdb5de5a0/1606695255814/cool_text_generator.pdfIn PDF document text
  • https://s3.amazonaws.com/zoxewudunigus/activision_blizzard_annual_report_2016.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.