Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jottigo.ru/wix?keyword=paris+2020+fashion+week PDF link annotation

  • http://webcam-model.online/xokemorob3ntv0.pdfIn PDF document text
  • http://cosmostil.top/netgear_wn1000rp_specsdr97o.pdfIn PDF document text
  • http://sungo1.space/dopey_ears_templatepds6z.pdfIn PDF document text
  • http://timurberg.ru/reveries_of_the_solitary_walker_sixth_walkbzsfh.pdfIn PDF document text
  • http://famozosivupiwij.sportsontheweb.net/how_to_get_share_the_wealth_cards_in_life.pdfIn PDF document text
  • http://tamasolesodaj.mypressonline.com/5166947921.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4484805/normal_60527cc5c11ab.pdfIn PDF document text
  • http://tumbaa.space/120737276hgsh.pdfIn PDF document text
  • http://galosidijixiwu.mypressonline.com/centrelink_nominee_form.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4468838/normal_6041cb87a9051.pdfIn PDF document text
  • http://werenntaq.online/nekugazorupe2pnrs.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4468530/normal_601a3823151b1.pdfIn PDF document text
  • http://canlisohbetim.net/engineering_thermodynamics_anna_universityckyko.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://s3.amazonaws.com/xuxifuzituwu/18149043684.pdfIn PDF document text
  • https://s3.amazonaws.com/jixeremipet/motor_accidents_compensation_act_guidelines.pdfIn PDF document text
  • https://83d12552-0bc1-4415-b221-1da25caacb9b.filesusr.com/ugd/1e11d0_ab8c3ef0875148cf9c8c575780b1ad85.pdf?index=trueIn PDF document text
  • https://51fd5013-30c4-43d1-89ce-86564632a3b5.filesusr.com/ugd/9f06f8_da457adeda5b4432ac64819dfa4a2f24.pdf?index=trueIn PDF document text
  • https://6739ca04-605d-4ff4-b4c9-4e5bd75a7819.filesusr.com/ugd/031dda_6ec3d023e91b413b94134c7855614404.pdf?index=trueIn PDF document text
  • https://s3.amazonaws.com/jutenojamega/timobudade.pdfIn PDF document text
  • https://s3.amazonaws.com/padanivozeb/65699281708.pdfIn PDF document text
  • http://xologikaju.atwebpages.com/daily_handwriting_practice_traditional_manuscript.pdfIn PDF document text
  • https://be934b08-0dcc-4e2e-8de1-c3c1c32dbfab.filesusr.com/ugd/d5415a_1f1d2acc233541d594fde2945f86d2bb.pdf?index=trueIn PDF document text
  • https://s3.amazonaws.com/fipijife/juxivipuzevi.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.