Malicious PDF — malware analysis report

Static analysis result for SHA-256 ef638ed8821ee2c2…

Verdict: MALICIOUS
Type: PDF
Size: 76.8 KB
Created: 2021-03-14 05:58:37 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c0199c796361b1ee7059fe9cd814d4ed
SHA-1: 561486f873b53f331db8004905f4417af632b766
SHA-256: ef638ed8821ee2c2ee37f231670d42caab09f04ff4e82cbe546614c3340b5f4f
Risk score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The file is a PDF that carries embedded URLs, one of which points to a suspicious domain (nipisod.ru); the keyword in that URL ('percentage base rate formula and examples pdf') matches the lure theme. The Nyx classifier score and the ClamAV phishing signature together indicate a malicious document, most likely a phishing or malware-distribution lure. The document body, although heavily obfuscated, suggests a lure built around financial formulas, a theme commonly used in such scams.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (4)

  • ClamAV detection, critical, CLAMAV_DETECTION
    ClamAV detected this file as malware with signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
  • External URI, info, PDF_URI
    The PDF contains an external URL action.
  • Object number defined twice with different bodies, info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes, so a first-wins reader and a last-wins reader resolve different content. This parser-confusion shape is used by targeted PDFs, but body-only differences are also common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL, info, EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://nipisod.ru/award?keyword=percentage+base+rate+formula+and+examples+pdf
    • http://varnisvakq.ru/careless_whisper_sheet_music_for_trumpetvwxdh.pdf
    • http://mavitrade.com/62607549443yb698.pdf
    • https://cdn.sqhk.co/remezebona/javaIFj/space_warfare.pdf
    • http://onlajn-kassa.ru/posture_corrector_reviews_consumer_reportsm2iy3.pdf
    • https://cdn.sqhk.co/wavudasawete/jjinHjh/fall_guys_ultimate_knockout_download_apk_android.pdf
    • https://cdn.sqhk.co/mudemodox/ToDge2U/95872163087.pdf
    • https://cdn.sqhk.co/kitatoze/ia4hcfD/83139686274.pdf
    • http://usersdeviceprotectionservice.site/dunodsoxok.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://s3.amazonaws.com/jolituzoji/all_star_cheer_uniform_shorts.pdf
    • https://uploads.strikinglycdn.com/files/5ac04a17-5958-44ee-936b-738670ed9756/bradley_smoker_heating_element_wattage.pdf
    • https://uploads.strikinglycdn.com/files/db0ad581-a3a8-47a3-bd18-965a92acebb2/preguntas_y_respuestas_del_libro_la_metamorfosis_de_franz_kafka.pdf
    • https://uploads.strikinglycdn.com/files/a41eec74-bbc8-489e-a615-cad30e776676/zagarexudarufugeratus.pdf
    • https://s3.amazonaws.com/ratixifo/mudatem.pdf
    • https://s3.amazonaws.com/xukirizugukugi/how_to_calculate_potential_transformer_ratio.pdf
    • https://uploads.strikinglycdn.com/files/5f3868d0-592b-4c14-8be3-c4fb33f1cb37/hp_laserjet_400_m401n_jam_in_cartridge_area.pdf
    • https://uploads.strikinglycdn.com/files/96d46610-f097-486a-a5f3-78af6cba6ce2/30711627561.pdf
    • https://s3.amazonaws.com/muwomapotumugi/pradhan_mantri_awas_yojana_form_status.pdf
    • https://s3.amazonaws.com/fodose/dulivebobebuz.pdf
    • https://s3.amazonaws.com/dorulusof/fractions_to_percentages_worksheet_gcse.pdf
    • https://s3.amazonaws.com/xomudufe/moment_diagram_uniformly_distributed_load.pdf
    • https://uploads.strikinglycdn.com/files/3ed5716f-6e62-406b-b4b7-a0a4bca53ea0/amazon_wheel_of_time_book_13.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    The seven URLs above are XMP/RDF metadata namespace identifiers and the SIL Open Font License URL (typically carried in the name table of OFL-licensed fonts); they are identifiers in document and font metadata, not link targets.
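To make the PDF_DUPLICATE_OBJ_BODY_INCREMENTAL and EMBEDDED_URL heuristics above concrete, here is a small re-implementation of both over a raw PDF byte stream. This is an added example, not the scanner's own code: it indexes every "N G obj ... endobj" definition, reports object numbers that appear more than once with different body bytes, shows what a first-wins and a last-wins linear reader would each resolve, pulls /URI targets out of the file, and raises severity only when a duplicate carries active content, as the heuristic description states. The sample PDF is constructed for the example (it is not the analysed file); its link action (object 5) is redefined by an appended incremental update to point at the nipisod.ru URL from this report. The regexes approximate a linear scan and do not walk the xref chain, so a conforming reader that follows /Prev pointers will see the last-wins view, while a damage-recovering reader may see either.

```python
"""Added example: two of the report's PDF heuristics over raw bytes.
Regex-based linear scan; does not parse xref tables or object streams."""
import re
from collections import defaultdict

# "N G obj ... endobj"; the lookbehind keeps a match from starting inside a number.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
# Literal-string /URI values only; hex strings and escaped parens are not handled.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# Dictionary keys whose presence makes a duplicate object "active content".
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/URI",
               b"/OpenAction", b"/AA", b"/SubmitForm")

# Constructed sample, not the analysed file: one page, one link annotation.
# The original object 5 is a benign URI action; the appended incremental
# update redefines object 5 to the nipisod.ru URL reported above.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>\nendobj\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A 5 0 R >>\nendobj\n"
    b"5 0 obj\n<< /S /URI /URI (http://example.invalid/benign) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    # --- incremental update appended later ---
    b"5 0 obj\n<< /S /URI /URI (https://nipisod.ru/award?keyword="
    b"percentage+base+rate+formula+and+examples+pdf) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Prev 0 >>\n%%EOF\n"
)


def index_objects(pdf_bytes):
    """Map (num, gen) -> list of body bytes, in file order."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(pdf_bytes):
        objs[(int(m.group(1)), int(m.group(2)))].append(m.group(3).strip())
    return objs


def duplicate_bodies(objs):
    """Keys defined more than once with at least two distinct bodies."""
    return {k: v for k, v in objs.items() if len(set(v)) > 1}


def resolve(objs, key, policy="last"):
    """What a first-wins or a last-wins linear reader returns for key."""
    bodies = objs[key]
    return bodies[0] if policy == "first" else bodies[-1]


def has_active_content(body):
    return any(k in body for k in ACTIVE_KEYS)


def extract_uris(pdf_bytes):
    """EMBEDDED_URL: every /URI literal string in the file, deduplicated."""
    return sorted({u.decode("latin-1") for u in URI_RE.findall(pdf_bytes)})


def analyze(pdf_bytes):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL plus URL extraction.

    Severity stays 'info' for body-only differences (common in benign
    incremental updates) and is raised only if a duplicate is active content.
    """
    objs = index_objects(pdf_bytes)
    findings, severity = [], "info"
    for key, bodies in duplicate_bodies(objs).items():
        active = any(has_active_content(b) for b in bodies)
        if active:
            severity = "suspicious"
        findings.append({
            "object": "%d %d" % key,
            "definitions": len(bodies),
            "first_wins": resolve(objs, key, "first").decode("latin-1"),
            "last_wins": resolve(objs, key, "last").decode("latin-1"),
            "active_content": active,
        })
    return {"uris": extract_uris(pdf_bytes),
            "duplicates": findings,
            "severity": severity}


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_PDF), indent=2))
```

Run against the constructed sample, the report shows object "5 0" defined twice, a first-wins view pointing at the benign placeholder and a last-wins view pointing at nipisod.ru, and severity raised to "suspicious" because both bodies are /URI actions; the same object redefined with only a changed /Length would stay at "info".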

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                     | SHA-256                                                          | Kind            | Source                                     | Size
font_00_sfnt_off0000eccd.bin | e6f340148fdc9ad38c46695c8bed89c8746183946883edd0a907888bf7917075 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xECCD  | 5684 bytes
font_01_sfnt_off00010012.bin | 597214a2e2a138553b45aa5a37edc0e46d11e56c05bd3f1591f639030311804f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10012 | 11080 bytes