Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://botokaw.ru/123?utm_term=love+anniversary+images+hd

  • https://static.s123-cdn-static.com/uploads/4475715/normal_6007a1b033733.pdf
  • http://expressday.online/does_lara_jean_and_peter_sleep_togetherfo3p3.pdf
  • http://themarkuzmusic.com/88232876097dyryg.pdf
  • http://zomaragexavope.sportsontheweb.net/m_audio_fast_track_ultra_8r_driver_mac_catalina.pdf
  • http://acupofjacob.com/12459945149f700o.pdf
  • https://cdn-cms.f-static.net/uploads/4449775/normal_60395a1116b5c.pdf
  • https://cdn-cms.f-static.net/uploads/4393018/normal_6040485ae26b7.pdf
  • https://cdn-cms.f-static.net/uploads/4366995/normal_5fd702fed2702.pdf
  • https://cdn-cms.f-static.net/uploads/4370053/normal_60327eaab6664.pdf
  • http://fejugutafilevin.scienceontheweb.net/what_is_the_highest_paid_nurse_position.pdf
  • http://turistik-a.ru/wills_eye_hospital_ophthalmology_clinic44lij.pdf
  • https://cdn-cms.f-static.net/uploads/4484636/normal_5fd60a70493aa.pdf
  • https://cdn-cms.f-static.net/uploads/4483388/normal_604631fdd81b7.pdf
  • http://jiwapadenejeza.getenjoyment.net/befug.pdf
  • http://italywow.space/gamodubivelawit3o4ft.pdf
  • https://cdn-cms.f-static.net/uploads/4479715/normal_5fdc1b20388f1.pdf
  • https://cdn-cms.f-static.net/uploads/4378153/normal_60159f4c03cfc.pdf
  • http://pinegobojefo.getenjoyment.net/66486568943.pdf
  • https://cdn-cms.f-static.net/uploads/4443608/normal_604cd7413868f.pdf
  • https://cdn-cms.f-static.net/uploads/4463034/normal_602657ae10f94.pdf
  • https://static.s123-cdn-static.com/uploads/4501775/normal_5fc850a726cb0.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://gifidabula.atwebpages.com/clinical_examination_book.pdf
  • https://s3.amazonaws.com/tudawufed/fijolufitipodajij.pdf
  • https://s3.amazonaws.com/muxegeza/dear_comrade_movie_video_songs_mp4.pdf
  • https://s3.amazonaws.com/jirebonudur/kujibufozelawaxop.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.