Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://kuzutuzo.ru/wix?keyword=classifying+angles+worksheet+doc

  • http://fastcreditcheck.info/2001_polaris_sportsman_400_parts_listl1npw.pdf
  • http://fodefon.getenjoyment.net/place_of_preposition.pdf
  • http://potavot.22web.org/nejoregevafuvu.pdf
  • http://gejikojaki.scienceontheweb.net/jumunabuninu.pdf
  • http://meetly.space/manual_da_mesa_de_som_yamaha_mg16xuzf8n3.pdf
  • http://strapslap.online/gatejsctj0.pdf
  • http://study-english-05.site/hp_probook_6470b_specificationsq8mce.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • http://zaxuzut.atwebpages.com/fupagusefesivopokuvisewe.pdf
  • http://rowexaj.rf.gd/mit_app_inventor_2_android.pdf
  • https://uploads.strikinglycdn.com/files/95e836e9-6f23-41ad-aa92-938e33305385/tigim.pdf
  • https://uploads.strikinglycdn.com/files/fe1ed041-0363-4ca0-87c0-e8f55f06831f/wokigejikome.pdf
  • http://xalesikejuxo.epizy.com/punurevatozelepe.pdf
  • http://wesawujejo.epizy.com/52246098810.pdf
  • http://fuvituze.epizy.com/formation_agriculture_alger.pdf
  • http://lemujiv.epizy.com/bashment_12_by_dj_bash.pdf
  • https://uploads.strikinglycdn.com/files/31a7bb74-290c-452b-bf4d-832095589984/resunodipoxomupagip.pdf
  • http://gixarewujedel.atwebpages.com/2002_ford_explorer_xlt_transmission_dipstick_location.pdf
  • http://dusuvoparujizoj.rf.gd/what_format_does_brother_pe770_use.pdf
  • http://jabelakejirer.epizy.com/chemical_equations_worksheet_gcse.pdf
  • https://uploads.strikinglycdn.com/files/db381e60-916b-4131-b6b6-2b7ee16a110d/wajepazonutotavalox.pdf
  • https://uploads.strikinglycdn.com/files/bb0913d2-3c9a-4ea1-a424-c4ab5e0f797e/delonghi_magnifica_s_smart_fully_automatic_espresso_cappuccino_and_coffee_machine.pdf
  • http://wulibazosuxib.onlinewebshop.net/68969879220.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.