Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://lozipotod.ru/123?utm_term=haese+mathematics+10+pdf PDF link annotation

  • https://cdn-cms.f-static.net/uploads/4447273/normal_6069fbb58b863.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4445726/normal_602e4a14dde4f.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4501963/normal_6010c4f4f1587.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4456378/normal_60277b9f0a269.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4408172/normal_606e8ce74d2f9.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4380691/normal_5fcf975645122.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4480732/normal_60268780b99ae.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4424011/normal_5fe3f9d647c23.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4405639/normal_5fe13655575a7.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4408596/normal_5fc6d6ff3b8f6.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4425933/normal_601a0de25339d.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/87f35caa-4993-421b-aff8-234aa66f297e/nokib.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/aaca3ebb-4f10-40be-84c4-a11e1be45efb/how_to_size_transformer_breaker.pdfIn PDF document text
  • http://kipizasuzeda.pbworks.com/f/bepozajogudiwuzina.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5526a778-e681-4171-8987-79999d9cb68a/dejotilelo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/44c0be05-9633-4597-ae4d-2204b9de671c/4l80e_valve_body_exploded_view.pdfIn PDF document text
  • http://bovojigu.pbworks.com/w/file/fetch/144418140/15246981713.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f5acbe01-c398-484a-beed-2d5973c5ee6a/62918910020.pdfIn PDF document text
  • http://xovelezid.pbworks.com/f/what_does_444_mean_in_a_text_message.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/02115973-51ba-4342-91c5-38f7a1f0f36f/pesisono.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4ff3c67d-329d-42eb-bbfe-b1395e370e3a/what_is_the_energy_storage_molecule_of_cells.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.