Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://leonvi.ru/wix?keyword=guide+gear+cargo+pants PDF link annotation

  • https://cdn-cms.f-static.net/uploads/4419452/normal_601beb852426c.pdfIn PDF document text
  • http://jewlgems.com/como_conseguir_lingotes_de_oro_candyjpbua.pdfIn PDF document text
  • http://b4shop.icu/animal_english_song_freehaduh.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4403410/normal_6003a9944af6b.pdfIn PDF document text
  • https://cdn.sqhk.co/jowibigodene/eHjgiaN/lejol.pdfIn PDF document text
  • http://mazafaka69pussy.online/balearia_palma_formentera_directour3hd.pdfIn PDF document text
  • https://cdn.sqhk.co/bisulalu/h4uieih/vubavusudinugigud.pdfIn PDF document text
  • http://sugoxebojun.getenjoyment.net/88349494613.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4393893/normal_5fee8f6c77206.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4407064/normal_5fcf50204f3fa.pdfIn PDF document text
  • http://jonotijero.medianewsonline.com/bebixosafolugot.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://s3.amazonaws.com/zesixefe/how_to_use_canon_f_718sga_scientific_calculator.pdfIn PDF document text
  • https://s3.amazonaws.com/batoragubukepo/melim.pdfIn PDF document text
  • https://s3.amazonaws.com/jefobexapulow/xozeseraraxax.pdfIn PDF document text
  • https://5a98ae10-8c7e-48da-b83f-9bcbc644cfa3.filesusr.com/ugd/9a8764_53888c3c2b964ff29c9f469110ec4f2a.pdf?index=trueIn PDF document text
  • https://4b4ea461-5266-411b-8735-d5290551f550.filesusr.com/ugd/7fedcf_511ae59c41a94a3599358a946eb7f046.pdf?index=trueIn PDF document text
  • https://03df18d0-0a94-4077-8b44-1f3cf8b7c870.filesusr.com/ugd/23a6c3_76893804b2eb46b6b105846d86eedfd3.pdf?index=trueIn PDF document text
  • https://s3.amazonaws.com/megujobemegor/baby_shark_original_video.pdfIn PDF document text
  • https://010f2e21-25ca-4560-806d-08cbbb7c7db1.filesusr.com/ugd/74a852_5d598b124d1a4b8c9c9802ca514543e5.pdf?index=trueIn PDF document text
  • http://vuzuwukef.atwebpages.com/marx_capital_and_the_madness_of_economic_reason.pdfIn PDF document text
  • http://zowofiz.myartsonline.com/stepwise_regression_spss.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text
  • http://dejavu.sourceforge.netIn PDF document text
  • http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.