Malicious PDF — malware analysis report

Static analysis result for SHA-256 dcdbb5ba99e188cd…

Verdict: MALICIOUS
File type: PDF
Size: 68.9 KB
Created: 2020-12-19 03:42:15 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-05-23
MD5: 54fcd2e5768120f33fdca3e7a296949f
SHA-1: 6170735fcff4d0c2ffdc49596187105dc2c91d24
SHA-256: dcdbb5ba99e188cd6658ae882c62a6d9de00c87606f02b9970adb11e128df997
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URL that leads to a suspicious domain, likely part of a phishing or scam campaign. The document body, though partially corrupted, suggests a pretext related to toll-free calls to entice users to click the malicious link.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9998

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI [info, PDF_URI]
    PDF contains an external URL action.
  • Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://traffnew.ru/wb?keyword=should%20you%20answer%20a%20toll%20free%20call (PDF link annotation)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://s3.amazonaws.com/nupotukig/pesquisa_bibliogrfica_livro.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/e2944d43-a869-4033-a953-4d7531dd7895/77344059749.pdf (in PDF document text)
    • https://s3.amazonaws.com/taguxif/karaoke_night_flyer_template.pdf (in PDF document text)
    • https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbf54abf81c9a2a0c98f6b5/1606374571886/the_origins_and_history_of_consciousness.pdf (in PDF document text)
    • https://static1.squarespace.com/static/5fc7b8c4418d7934ac78d68d/t/5fcffbc5f5eb572b8a2a54a9/1607465928033/piano_keys_octaves_numbered.pdf (in PDF document text)
    • https://static1.squarespace.com/static/5fc32cce11f6a4198494824d/t/5fcc760e978da30c56f63d54/1607235087992/flight_simulator_games_for_pc_free_online.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/97c1007b-5627-4e96-908b-97dd3ad9c710/58808184923.pdf (in PDF document text)
    • https://static1.squarespace.com/static/5fc5d8daa5bc066edfc77a21/t/5fd74bd2ab77727176ab9977/1607945171520/pulmonary_embolism_guidelines_acc_aha.pdf (in PDF document text)
    • https://s3.amazonaws.com/zafirawit/abripedic_crisp_percale_sheets.pdf (in PDF document text)
    • https://s3.amazonaws.com/webipejonavuv/o_que__sociologia_editora_brasiliense.pdf (in PDF document text)
    • https://static1.squarespace.com/static/5fc57f453398ff75154cec93/t/5fc5e909e18c5c478ec79651/1606805770945/coin_master_hack_without_verification.pdf (in PDF document text)
    • https://s3.amazonaws.com/didowugorokirug/bufinawojubexonegik.pdf (in PDF document text)
    • https://s3.amazonaws.com/fatisake/2010_toyota_camry_hybrid_owners_manual.pdf (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000d25f.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xD25F
    Size: 5408 bytes
    SHA-256: c7d6a362fc6644b2286c81c4f87ebae4da166d0a40ab7aabf2379c1652a9be8a
  • Filename: font_01_sfnt_off0000e4d3.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xE4D3
    Size: 10064 bytes
    SHA-256: b4f2844028faee8e60c2f74ca186abde64bed739bc62dd75fc1b7f2ab966d41c