Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jacksth.ru/123?utm_term=ayat+kursi+100x+merdu PDF link annotation

  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/577767a5-47d9-4fb0-a94f-6f4f8322d488/how_to_wish_on_retirement_farewell.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/89ee78b4-1dc0-40aa-83a6-d00840d532ec/fezulafafanoxafeva.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/9eef60c8-c1ce-47ab-8112-c457c4c10a0f/koxifujesasupe.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5b4fa5a9-de84-41b3-8f34-b9f65d23e467/chick_fil_a_cobb_salad_calories_no_dressing.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ae0d18f7-d7df-429d-b8f9-bfc6ac6bb432/leguw.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2451706c-c345-4c93-bb86-9dbb1fd54c9a/43466782196.pdfIn PDF document text
  • http://gosirata.pbworks.com/f/mini_militia_mod_unlimited_gas_and_ammo.pdfIn PDF document text
  • http://gatasulupu.pbworks.com/f/how_to_calculate_percent_yield_limiting_reagent.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/be1754f7-b13c-4385-b2a2-10bb7aadb7ec/good_books_to_read_for_psychology_students.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5fdb0e08-260d-4eb8-8a82-8bafa6ef5576/71966203476.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/632e3329-17c4-4590-8e7a-c9ed9ad7e9fe/are_two_drawer_dishwashers_good.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f91beb9c-adf3-4ba2-8f76-f1429b25de4c/43332297530.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b630ba93-17bc-4f71-b1c3-01c315e8d8f6/examen_diagnostico_secundaria_primer_grado_matematicas.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/cd30d056-b8bf-4dd5-88e3-f84219e7c4b4/project_management_institute_pmi.pdfIn PDF document text
  • http://gifavipa.pbworks.com/f/descargar_halo_combat_evolved_completo_en_espaol_para_pc.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1d8d4b5f-f96d-4bd4-92af-d326d8a9e85e/transmission_fluid_check_nissan_altima.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/8f63a483-a65a-4b59-be1e-53a270185a27/whats_the_best_ammo_for_a_taurus_g2c.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f14d9bc2-c826-4444-bc03-5e8ab916f959/como_eliminar_alacranes_y_escorpiones.pdfIn PDF document text
  • http://viluxese.pbworks.com/f/57930306757.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/432ced20-e761-4b43-b846-508de1df7f23/dowusogebi.pdfIn PDF document text
  • http://funuvutidip.pbworks.com/w/file/fetch/144587298/pubg_mobile_ranking_system_points_2019.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d11e2658-faca-493c-bf93-a1206f9e2558/william_blake_poems_free_download.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/62f086b0-71e6-40cb-abd9-74694b21c3eb/comcast_cable_not_working_ref_code_s0a00.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/0abb5421-ccb3-4381-80d1-ecc664be6a31/monster_2014_korean_movie_download.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text
  • http://dejavu.sourceforge.netIn PDF document text
  • http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.