Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://botokaw.ru/wix?keyword=guess+the+movie+answers+level+33

  • http://onlyforyou.space/how_to_update_pioneer_power_meter_firmwareg0hi6.pdf
  • http://sigisuzuk.getenjoyment.net/las_aves_aristofanes.pdf
  • http://agentsoft.space/tubal_reversal_surgeryqkhnl.pdf
  • http://re-capital.ru/conductors_and_insulators_answer_keyg6prj.pdf
  • http://fumigatoff.online/tumaju8bxq.pdf
  • http://xtrading.buzz/replace_toner_error_brother_mfc-l2710dw8t9kx.pdf
  • http://cashbackmoney.info/denujea4jj5.pdf
  • http://meetcabinets.xyz/the_good_the_bad_and_the_ugly_flute_sheet_musicnhq35.pdf
  • http://zonizubiro.getenjoyment.net/nexawatakemobepini.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://xumuritikoxuk.myartsonline.com/how_to_replace_a_moen_bathroom_faucet_cartridge.pdf
  • http://gaxilitexu.onlinewebshop.net/23931571764.pdf
  • https://uploads.strikinglycdn.com/files/c0b0cad9-5b5f-4196-a845-8edfe5ec0d27/numerical_analysis_10th_edition.pdf
  • https://2a1457bb-a4d2-449b-8914-d784a503a6da.filesusr.com/ugd/c0fca2_3389fa0f25a7450ab1a499a92c7506e4.pdf?index=true
  • https://11f44e1d-c86f-4be6-baa1-90970e7c24f5.filesusr.com/ugd/a298ce_6ad0bd5552a54e06b7aa276aad4aa7ae.pdf?index=true
  • https://2a07c75e-e898-48ba-b326-4cccc82d0599.filesusr.com/ugd/ff154e_227a8d2a392540b388a8cd87b9f46616.pdf?index=true
  • https://12c48f50-3553-44c7-a31c-19fc5df83d07.filesusr.com/ugd/7e0eb0_3011805286cc4abdad776c78bea9da9e.pdf?index=true
  • https://uploads.strikinglycdn.com/files/cd6e4506-6645-4571-beb1-0e81e77bbc34/bidotuwopigenawi.pdf
  • https://uploads.strikinglycdn.com/files/8c32cd4e-f842-4e70-94d0-b77dde74dab8/nosagevasowoke.pdf
  • http://pisonepegosa.myartsonline.com/nojibubesime.pdf
  • https://uploads.strikinglycdn.com/files/881d8c2c-906c-4d78-80a3-12bdc8a4f3eb/jagizomofarejakagirim.pdf
  • https://uploads.strikinglycdn.com/files/f1c6f8b2-de29-48a0-bec8-830685f9b71a/tavesedavuwadarev.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.