Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://vilenefex.ru/strik?utm_term=willy+wonka+world+of+candy+cheats

  • https://cdn-cms.f-static.net/uploads/4455195/normal_603f78329d813.pdf
  • https://static.s123-cdn-static.com/uploads/4417808/normal_5ff0e02144586.pdf
  • https://cdn-cms.f-static.net/uploads/4384155/normal_606cafefce7d1.pdf
  • https://cdn-cms.f-static.net/uploads/4482206/normal_602334a56e46f.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/pidufozu/buwalopedesowosas.pdf
  • https://s3.amazonaws.com/vuliwisuwig/big_green_egg_prices_large.pdf
  • https://s3.amazonaws.com/sefipa/97941092298.pdf
  • https://uploads.strikinglycdn.com/files/8db44461-96af-434f-9291-a4cb10ac8785/15611795109.pdf
  • https://uploads.strikinglycdn.com/files/dd0d3c02-0a37-4294-b5a4-79bd92f96aef/netgear_prosafe_vpn_firewall_fvs318_price.pdf
  • https://uploads.strikinglycdn.com/files/6555acae-747a-48a1-ab5c-9d3275c1322c/bluedriver_not_reading_abs_codes.pdf
  • https://uploads.strikinglycdn.com/files/6ade2ecb-8739-4505-bbe6-11fe8e15874c/how_many_pages_are_in_diary_of_an_awesome_friendly_kid.pdf
  • https://uploads.strikinglycdn.com/files/27a3708e-8302-4c8d-b0ad-c95c8f77f623/72909314242.pdf
  • https://uploads.strikinglycdn.com/files/48508951-694e-4d56-a6f2-d6e4db961f6a/alien_1979_full_movie_download_in_hindi_filmyzilla.pdf
  • https://s3.amazonaws.com/fewunadupop/how_to_perform_anova_in_excel_2007.pdf
  • https://uploads.strikinglycdn.com/files/27061295-a77e-4330-a670-aa342c23a78d/13509172729.pdf
  • https://uploads.strikinglycdn.com/files/97180f46-2277-440c-b4cf-c38154819fba/tp_link_nano_powerline_setup.pdf
  • https://s3.amazonaws.com/vonutavekip/creating_cv_template_word.pdf
  • https://uploads.strikinglycdn.com/files/a95f41c0-104d-4b78-be39-7ee7afc7055f/8688419716.pdf
  • https://uploads.strikinglycdn.com/files/250b0b42-779f-4a0d-ba19-538a76b3bb31/42237845227.pdf
  • https://s3.amazonaws.com/lusegokaves/healthy_behaviors_worksheet.pdf
  • https://s3.amazonaws.com/tabobujimo/o_que__o_direito.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.