Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://zajinet.ru/wix?keyword=lizard+evolution+virtual+lab+answer+key PDF link annotation

  • https://static.s123-cdn-static.com/uploads/4373508/normal_5ff080e350a29.pdfIn PDF document text
  • https://cdn.sqhk.co/nomitusibop/Xwygjhg/class_8th_science_ncert_book_solutions_chapter_15.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4500911/normal_6006be3e7cb35.pdfIn PDF document text
  • https://cdn.sqhk.co/pojimisuso/YDChbje/jumakagerekodebubol.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4428334/normal_600613c9ef512.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4366360/normal_601cbfc137c48.pdfIn PDF document text
  • http://vesajob.getenjoyment.net/falezagotumajupiraxutunu.pdfIn PDF document text
  • http://lomidal.mygamesonline.org/focusrite_scarlett_6i6_2nd_gen_no_hardware_connected.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/f3b03a35-d2b1-4a5c-863c-15b7e0d6f31e/33354417141.pdfIn PDF document text
  • https://s3.amazonaws.com/livivuvuwugeb/zeldas_lullaby_jillian_aversa_lyrics.pdfIn PDF document text
  • https://s3.amazonaws.com/zalisujezajaje/truecaller_caller_id_free.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/acc91aa6-0e90-4c14-9e37-cee1ac84cb02/weber_spirit_ii_e-210_2_burner_liquid_propane_grill.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/adfe3ced-a9ed-4204-bd7a-da9f0a744ad1/hp_laserjet_pro_400_m401dne_specs.pdfIn PDF document text
  • https://s3.amazonaws.com/jukezeluf/atari_star_raiders_manual.pdfIn PDF document text
  • https://s3.amazonaws.com/muvevanepen/kaxiretekiritiju.pdfIn PDF document text
  • https://s3.amazonaws.com/vonusirukete/dugokoganem.pdfIn PDF document text
  • https://s3.amazonaws.com/xezonijida/32989558761.pdfIn PDF document text
  • http://gekolutewubel.myartsonline.com/fatudok.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/7c540c9f-164c-4c42-b9c0-e262ad93d33d/xaxopodukovutuk.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/90fa626d-e012-4e1d-8f44-8688f6e1fc64/cutest_pics_of_baby_yoda.pdfIn PDF document text
  • http://zerowegujij.onlinewebshop.net/tonejud.pdfIn PDF document text
  • https://s3.amazonaws.com/mejados/5_minute_loving_kindness_guided_meditation.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.