Win.Trojan.Print-2 — PDF / .EXE malware analysis

Static analysis result for SHA-256 f4531a3749112820…

Verdict: MALICIOUS

File type: PDF / .EXE

Size: 2.62 MB

MD5: 1c73bbef2e1fa743f48fde70a02b7eb0
SHA-1: 63a3ebcca28f71287fe79fc2ca058cc2344192c1
SHA-256: f4531a3749112820ffc2f736884502f5e8fd3d815c5d8f91afccd9cd49e4675a

Risk score: 76

Malware Insights

Win.Trojan.Print-2 · confidence 95%

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1566.001 Spearphishing Attachment

The critical ClamAV detection of 'Win.Trojan.Print-2' strongly indicates a trojan payload. The presence of embedded JavaScript and the 'FROMCHARCODE' heuristic suggest obfuscated code execution within the PDF. The numerous unknown-reputation URLs likely serve as command-and-control or download locations for the malicious payload.

Heuristics (4)

  • ClamAV: Win.Trojan.Print-2 (severity: critical, rule CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Print-2
  • Embedded JS stream (severity: low, rule PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • String.fromCharCode (severity: low, rule PDF_FROMCHARCODE)
    String.fromCharCode found — used to construct payload strings dynamically. Common in benign JavaScript libraries for codepoint manipulation, so this alone is informational; weaponised use is also caught by the dedicated fromCharCode-stage and exploit-shape rules.
  • Embedded URL (severity: info, rule EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (3)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off00117a3e.bin
    SHA-256: aa200be6d4324263de453df695a258f4a0f764b51a48d1d42ef82a5d1d1e26b2
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x117A3E
    Size: 34992 bytes
  • Filename: font_01_sfnt_off0011cb1a.bin
    SHA-256: bb467a1c790e72582b417d7fd79ca9f536e5067f5fa6fdc7f620c2d339792a1b
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x11CB1A
    Size: 1164 bytes
  • Filename: font_02_sfnt_off0011d04e.bin
    SHA-256: 33a060a94d55f5f175c301c82e07d1b78ade08759c89e0b7cedb9c353bc6f860
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x11D04E
    Size: 37820 bytes