Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LURE
  Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://zajinet.ru/strik?utm_term=can+i+play+roblox+on+a+school+chromebook

  • https://cdn-cms.f-static.net/uploads/4401515/normal_605f6584ed7c4.pdf
  • https://static.s123-cdn-static.com/uploads/4489601/normal_5fe38f39ec271.pdf
  • https://static.s123-cdn-static.com/uploads/4367680/normal_5ffa3b6925cc8.pdf
  • https://static.s123-cdn-static.com/uploads/4383703/normal_5fecc4efb0713.pdf
  • https://cdn-cms.f-static.net/uploads/4424996/normal_601e748fe9d1f.pdf
  • https://cdn-cms.f-static.net/uploads/4369306/normal_601b52106df6a.pdf
  • https://cdn-cms.f-static.net/uploads/4446289/normal_6067ebf88353e.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/0611562c-923b-4f8b-8b81-db73c6e867dd/how_to_perform_a_fuzzy_lookup_in_excel.pdf
  • https://uploads.strikinglycdn.com/files/1c6fd188-379b-4a06-8f35-0c585b4c14d4/99334362985.pdf
  • https://uploads.strikinglycdn.com/files/19c9105e-c687-43c6-97a9-f62a3cac9146/inverted_commas_worksheet_tes.pdf
  • https://uploads.strikinglycdn.com/files/28859da2-9ac2-43c4-94a0-f31e79baf7aa/ruzabifodekojafibiruvijo.pdf
  • https://uploads.strikinglycdn.com/files/8acf7e3d-025c-4ff4-b8c5-2dc72a8c3ce6/country_with_the_largest_economy_in_east_africa.pdf
  • https://uploads.strikinglycdn.com/files/f2565e0d-cb91-438c-91bd-22341fcbf58c/99073929245.pdf
  • https://uploads.strikinglycdn.com/files/80ae2299-d486-40c3-ab34-89d703ad23c6/who_is_considered_the_most_attractive_man_in_the_world.pdf
  • https://uploads.strikinglycdn.com/files/a07f3ada-7805-453d-a3c4-aa1e03a8521a/how_to_learn_marketing_management.pdf
  • https://uploads.strikinglycdn.com/files/b23516c7-c957-4487-8949-7a4bc4d3f8df/the_last_song_movie_online_free.pdf
  • https://uploads.strikinglycdn.com/files/be3fa08e-fbab-4a81-8476-b5857f94b683/bubujekekiremizofowin.pdf
  • https://uploads.strikinglycdn.com/files/5a37a3d1-4fcc-495e-b957-11a71e8b389c/stand_by_me_oasis_lyrics_youtube.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.