Malicious PDF — malware analysis report

Static analysis result for SHA-256 e088b1b09f8c6502…

Verdict: MALICIOUS
File type: PDF
Size: 75.6 KB
Created: 2021-03-07 09:10:08 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-16
MD5: 338157229f62c7e3c5aa33090163ec6b
SHA-1: e583eca0e0a52e33bda96a4b4b2587613bda815e
SHA-256: e088b1b09f8c6502e61cd8f8f1aa8e873efe514ec2d3946a32ae79237baf520a
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains an embedded URI pointing to a suspicious domain, identified as malicious by ClamAV and an ML classifier. The document body, though heavily obfuscated, suggests a lure related to 'chapter 29 the great war test answers', likely intended to trick users into visiting the malicious URL for fraudulent purposes. No scripts were extracted, but the presence of an external URI in a malicious PDF strongly indicates a phishing or credential harvesting attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://ponafet.ru/wix?keyword=chapter+29+the+great+war+test+answers (PDF link annotation)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off0000ebc6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEBC6 | 5336 bytes
  SHA-256: 549caae10adfc16d8f3a938de57f61fb76eff4af5142a131bf0538423b205b8c
font_01_sfnt_off0000fdf3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFDF3 | 10260 bytes
  SHA-256: 85ae16e989493a449b1c4ae864bfc72c9844289648e027a71feb3a96979762b8