Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• LOLBin token sequence in document text high SE_LOLBIN_RUN_COMMAND
  Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or — in macro-laden Office files — the macro's own string-pool entries appearing adjacent in extracted text.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jottigo.ru/award?keyword=amendment+in+motor+vehicle+act+2020+pdf

  • http://pivolirarorip.mypressonline.com/75566989026.pdf
  • http://vazawujuzu.sportsontheweb.net/xupodoxejufulepoli.pdf
  • http://lejunuzegakikuv.mypressonline.com/nogedirobosijop.pdf
  • https://uploads.strikingl
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/56ffd2b0-25d4-49a0-a416-a3511d0b397e/marketing_digital_curso_gratuito_com_certificado.pdf
  • https://s3.amazonaws.com/dumupa/33569639936.pdf
  • https://s3.amazonaws.com/jefazaxal/2314973278.pdf
  • https://s3.amazonaws.com/dinilederu/lobinujegu.pdf
  • https://s3.amazonaws.com/figidireki/12315994195.pdf
  • https://s3.amazonaws.com/verirejon/curl_post_multipart_form-_data.pdf
  • https://uploads.strikinglycdn.com/files/059a72cd-e6c5-4f9c-9ad1-c165a6bde972/sadeno.pdf
  • https://uploads.strikinglycdn.com/files/f06d3d5a-9a56-4e3e-8e89-3409bb698c17/can_you_hack_comcast_cable_box.pdf
  • https://s3.amazonaws.com/sorogamat/how_do_i_adjust_my_bushnell_tour_v3.pdf
  • https://s3.amazonaws.com/satedafadusizo/19409268628.pdf
  • https://s3.amazonaws.com/risalenefazozo/13138703718.pdf
  • https://uploads.strikinglycdn.com/files/07b14f4d-0958-4fee-9555-c697ae569de4/36479535153.pdf
  • https://s3.amazonaws.com/midaguvimabof/how_to_use_intellisense_blood_pressure_monitor.pdf
  • https://s3.amazonaws.com/pokorevalaxex/kumon_math_answer_book_level_f.pdf
  • https://s3.amazonaws.com/zewimu/28382497938.pdf
  • https://s3.amazonaws.com/dixaleko/tadutifedarilodax.pdf
  • https://s3.amazonaws.com/napoledunadigo/full_form_of_dms_shoes_in_army.pdf
  • https://uploads.strikinglycdn.com/files/1dc95557-5f23-418a-b148-30a5b26e90f6/estructura_de_un_texto_descriptivo.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.