Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://druttle.ru/wix?keyword=%25D8%25A7%25D9%2584%25D9%2581%25D9%258A%25D8%25A9+%25D8%25A7%25D8%25A8%25D9%2586+%25D9%2585%25D8%25A7%25D9%2584%25D9%2583+audio

  • https://vonuxunip.weebly.com/uploads/1/3/4/3/134377821/26142.pdf
  • https://static.s123-cdn-static.com/uploads/4484364/normal_5ff37f471b389.pdf
  • https://cdn-cms.f-static.net/uploads/4465131/normal_60599976c88cb.pdf
  • https://lififamofupuge.weebly.com/uploads/1/3/4/3/134317858/3138066.pdf
  • https://static.s123-cdn-static.com/uploads/4479925/normal_5fdefd79ebfeb.pdf
  • https://xavixevoke.weebly.com/uploads/1/3/4/5/134590279/fosolon.pdf
  • http://salogogudezofa.iblogger.org/carer_recognition_act_2010.pdf
  • https://togezajotutev.weebly.com/uploads/1/3/0/8/130874352/xajito.pdf
  • https://cdn-cms.f-static.net/uploads/4448547/normal_605f3583ba1c9.pdf
  • http://kiwirixup.22web.org/literature_review_on_bambara_groundnut.pdf
  • http://www.opentle.org
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://fedorahosted.org/lohit
  • http://www.indictrans.org
  • http://xigavuda.rf.gd/the_misfit_of_demon_king_academy_japanese_name_manga.pdf
  • http://lodafudamisov.epizy.com/probability_tree_diagrams_gcse.pdf
  • http://ribibepope.epizy.com/begonia_formosana_f_albo-_maculata.pdf
  • http://famovuwozagomo.epizy.com/dagogobube.pdf
  • https://26c1613e-5d28-4fa3-89cb-3d2c9ab59faf.filesusr.com/ugd/fe83c3_00099fa20e0548139b7c828db7af503e.pdf?index=true
  • http://vibiwarufade.rf.gd/metenagom.pdf
  • http://muwutumob.epizy.com/metewig.pdf
  • http://nebugobebakejef.rf.gd/gerepuzaxejedolegoxeg.pdf
  • https://9b321a86-0615-40a7-b684-6dced782f4cc.filesusr.com/ugd/e3cae3_1914e921472942fb947f97e9a412d32e.pdf?index=true
  • http://nozafawuronixe.epizy.com/59395394755.pdf
  • http://duxuramubot.epizy.com/87292592777.pdf
  • https://b47237a6-1880-4d87-9598-f01162bab054.filesusr.com/ugd/1fe0ea_24f7ea6cc1f14751a8310266ea5e3ac6.pdf?index=true
  • http://gefimosikalet.rf.gd/rewenozor.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://www.gnu.org/licenses/gpl.html
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License
  • http://scripts.sil.org/OFL
  • http://www.geocities.com/mitra_anirban/hobbies.htmGNU
  • http://www.gnu.org/copyleft/gpl.htmRegular

Open this report in the interactive analyzer, or submit your own file for analysis.