Malicious PDF — malware analysis report

Static analysis result for SHA-256 ed3fef6dd8d6626b…

Verdict: MALICIOUS
File type: PDF

Size: 89.1 KB
Created: 2021-03-17 01:50:57 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: b9788bb85572a7949d0c34ac0060eee3
SHA-1: 4fa2c74ba6e693d3089e8a539249f1dd7e9a6ef7
SHA-256: ed3fef6dd8d6626b0d5bd162ad3b0c7b4f259a61d18f95efa69a8f20672c8c3e
Risk Score: 136

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The sample is a PDF file flagged by ML classifiers and ClamAV as malicious. It contains an embedded URL pointing to a suspicious domain, likely intended to deliver a secondary payload. The heuristic 'SE_PASSWORD_ARCHIVE_LURE' suggests the document may instruct the user to open a password-protected archive, a common tactic to bypass initial security scans.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (5)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LURE
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://leonvi.ru/wix?keyword=unknown+ultimate+mod+menu

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                      Size
font_00_sfnt_off00010d28.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x10D28  4844 bytes
  SHA-256: 679ef1e67a4c20dc5d7f41c80133d2388335d4535e97b2c24e2bb8ae3fffb9f6
font_01_sfnt_off00011d67.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x11D67  3840 bytes
  SHA-256: 5b8e8035f8940535bfb5f3d78de7d5c45dbc51c905faa5d9788b8fc152e96872
font_02_sfnt_off00012b78.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x12B78  12448 bytes
  SHA-256: 66f217416b4d08e1c1e9205370693be4e11f0e4485e450c8b84896ccdf721fb2