Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://botokaw.ru/award?keyword=hacer+aviones+de+papel+pdf

  • https://cdn.sqhk.co/waxobakal/haSJThg/75308810123.pdf
  • https://cdn.sqhk.co/mimofeto/gijgGid/super_mega_worm_online.pdf
  • https://cdn-cms.f-static.net/uploads/4452381/normal_60364a3213960.pdf
  • http://masito.space/vobekekt3y.pdf
  • https://cdn-cms.f-static.net/uploads/4409396/normal_6036d000a720d.pdf
  • https://static.s123-cdn-static.com/uploads/4492900/normal_6007f2bee5fd6.pdf
  • https://cdn.sqhk.co/reriwoduriju/dhajglG/27331903934.pdf
  • http://leafester.online/vomipelalasebivokugejig8unb1.pdf
  • https://cdn.sqhk.co/rasepotobami/Vjdjbib/nutimozajoxukiri.pdf
  • https://static.s123-cdn-static.com/uploads/4460463/normal_5ff534467f63b.pdf
  • https://cdn.sqhk.co/wepigosogo/blhi2zV/466283414.pdf
  • http://shop-profildoors.ru/what_is_general_anesthesia_for_surgerylf677.pdf
  • http://extraterrestrials.space/web_services_vs_wcf_vs_web_api_vs_restoy0jw.pdf
  • https://cdn-cms.f-static.net/uploads/4406166/normal_603383c2dbba8.pdf
  • http://busivel.xyz/1786039521c7exk.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/48e0e70f-8170-4d82-a82a-75e1ae6ee40e/what_myers_briggs_types_work_well_together.pdf
  • https://uploads.strikinglycdn.com/files/44248482-6641-4e4b-92be-8e98de1b49de/z_score_table_95_confidence_interval.pdf
  • https://246406bc-bb0d-4f29-baed-d8a6153a9543.filesusr.com/ugd/3ddeef_5cf1ba8bd18d4f37b8463476b96af5df.pdf?index=true
  • https://uploads.strikinglycdn.com/files/881e4531-ccae-432e-8705-c48b260c9e8a/the_man_in_the_high_castle_season_2_episode_3_cast.pdf
  • https://6acf0ca1-aa41-4771-8b91-54baff69ee7f.filesusr.com/ugd/7d1dc9_244d09a2bb894e46ad37f3bca974ef55.pdf?index=true
  • https://b6e49935-6d58-4bde-831f-6e0b746776d3.filesusr.com/ugd/7d321f_37bf31fa922642d99dada9dcb2c9314a.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.