Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ponafet.ru/award?keyword=la+casa+de+bernarda+alba+pdf+cervantes+virtual PDF link annotation

  • https://cdn.sqhk.co/nokowifupe/VHBfjgF/zonifatutet.pdfIn PDF document text
  • https://cdn.sqhk.co/mapuvokunoj/HD7ihjc/28638906739.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4426701/normal_602b61536b3fc.pdfIn PDF document text
  • https://cdn.sqhk.co/salusasopuvi/jhgdEib/music_landing_page.pdfIn PDF document text
  • https://cdn.sqhk.co/lekuruzomef/hj3wbnL/25th_amendment_in_constitution_of_pakistan.pdfIn PDF document text
  • https://cdn.sqhk.co/narulaloro/eihH0L7/weapon_masters_roguelike_mod_apk.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4460460/normal_5fe61f39cbfc2.pdfIn PDF document text
  • https://cdn.sqhk.co/muditazu/chdijgc/34403486058.pdfIn PDF document text
  • https://cdn.sqhk.co/luwesefizi/hgshhfJ/pool_service_professionals_llc.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4376874/normal_5ff1fc5dcc5c8.pdfIn PDF document text
  • http://fontawesome.iohttp://fontawesome.io/license/In PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://scripts.sil.orgThisIn PDF document text
  • http://www.thdl.org/http://www.thdl.org/TibetanIn PDF document text
  • http://smc.org.in)MeeraRegularMeera2016SMC7.0.0+20171102HussainIn PDF document text
  • http://smc.org.inhttp://smc.org.inIn PDF document text
  • http://www.opentle.orgIn PDF document text
  • http://www.indictrans.orgIn PDF document text
  • http://www.fontrix.comhttp://www.nhncorp.comIn PDF document text
  • https://s3.amazonaws.com/muvarelo/understanding_business_11th_edition_ebook.pdfIn PDF document text
  • https://d1159ab4-cbf5-42eb-897b-83a5e94cd7da.filesusr.com/ugd/536122_85bb143d17e34bcfa388b52af14113f9.pdf?index=trueIn PDF document text
  • https://s3.amazonaws.com/sinadi/95650230985.pdfIn PDF document text
  • https://a6668164-4238-4e0d-addb-cc4c62f58fca.filesusr.com/ugd/2dfcca_2f8f3674883247109057a1f4131d8d3f.pdf?index=trueIn PDF document text
  • http://bazolajeruda.rf.gd/ncis_new_orleans_the_river_styx_part_ii_cast.pdfIn PDF document text
  • https://37bdae34-bb2f-403f-997c-54a7c09d9c06.filesusr.com/ugd/dc98cc_e485a90da3934285aa052837da8b08db.pdf?index=trueIn PDF document text
  • https://s3.amazonaws.com/kovozenamofox/bekapakebopedonaruluxezer.pdfIn PDF document text
  • http://zanebinelit.rf.gd/asymptotic_form_of_airy_function.pdfIn PDF document text
  • http://posidepixofonep.epizy.com/a2_reading_comprehension_practice_test.pdfIn PDF document text
  • https://s3.amazonaws.com/ruzumeb/android_handler._callback_handlemessage_return_value.pdfIn PDF document text
  • https://7ef5d8b8-74ac-4e0a-b0a0-fa61ca6462a8.filesusr.com/ugd/23e9be_87ec8a1d06b8410c90b05a4761e1c819.pdf?index=trueIn PDF document text
  • https://025b4bf0-2906-4f5f-8a0f-6d4b68fc9518.filesusr.com/ugd/148ee2_9cb55c726cbc42b3a03e768bc7ded009.pdf?index=trueIn PDF document text
  • http://nanebovovut.epizy.com/pattern_recognition_and_machine_learning_christopher_bishop_download.pdfIn PDF document text
  • https://s3.amazonaws.com/mupukesunobaga/54363387821.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://dejavu.sourceforge.netIn PDF document text
  • http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
  • https://savannah.gnu.org/projects/freefont/In PDF document text
  • http://www.gnu.org/licenses/In PDF document text
  • http://www.gnu.org/copyleft/gpl.htmlIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text
  • http://scripts.sil.org/In PDF document text
  • http://scripts.sil.org/OFLAbyssinicaIn PDF document text
  • http://www.gnu.org/copyleft/gpl.htmlTibetanIn PDF document text

  +2 more URL(s)

Open this report in the interactive analyzer, or submit your own file for analysis.