Malicious PDF — malware analysis report

Static analysis result for SHA-256 6329bbe7b9da26d2…

MALICIOUS

PDF

Size: 76.8 KB
Created: 2021-04-05 18:49:44 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 2bcf53d6d10eca444e6db74ecb5243b4
SHA-1: 3055db8e4309104580303021da1dfd5c4300749b
SHA-256: 6329bbe7b9da26d2422008ddf9a7af8cedd8721e9624ed9fa283135ff48124f0
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains an embedded URL that redirects to a search results page, likely a lure for phishing. The ML classifier and ClamAV detection strongly indicate malicious intent. While no scripts were directly extracted, the PDF structure and embedded URI suggest it's designed to lead the user to a malicious site, potentially for credential harvesting or further malware delivery.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9997

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://lozipotod.ru/wix?keyword=iowa+high+school+football+rankings
    • http://tinesemexogo.mygamesonline.org/197965006.pdf
    • https://cdn.sqhk.co/noxibogalu/gfjebFr/sonic_hedgehog_minecraft.pdf
    • https://cdn.sqhk.co/kitujesijak/Jjco88g/mafia_city_cheat_codes_android.pdf
    • https://cdn.sqhk.co/zebenane/jp8idgi/32983430355.pdf
    • http://zukoretevir.medianewsonline.com/architectural_working_drawings_detail_drawings.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/6ecff994-9a8e-4b42-857d-ee0d6c8e069b/safe_haven_adt.pdf
    • https://s3.amazonaws.com/jeponowon/8904127087.pdf
    • http://duxepivol.myartsonline.com/autocad_2020_shortcut_keys_for_commands.pdf
    • https://uploads.strikinglycdn.com/files/3f10120c-b4c4-4828-b369-fe99feac27d3/sozisor.pdf
    • https://s3.amazonaws.com/gogoxowiniza/xadigegibo.pdf
    • https://s3.amazonaws.com/lukepepe/how_search_google_with_a_picture.pdf
    • https://uploads.strikinglycdn.com/files/310fd60a-dfb7-4773-969f-5258f8d57212/14486072364.pdf
    • https://uploads.strikinglycdn.com/files/538a14de-8321-4664-a114-a8050c7a1bc0/92402879102.pdf
    • https://s3.amazonaws.com/jexijer/piwux.pdf
    • https://uploads.strikinglycdn.com/files/bd70af94-5b09-4eae-b752-b9b73ff4d1b1/92059992980.pdf
    • https://uploads.strikinglycdn.com/files/b3a70ff6-02ef-4a61-96f4-e1b2b5084a7e/kingdom_manga_628_release_date.pdf
    • https://s3.amazonaws.com/sajatofubote/20234126075.pdf
    • https://uploads.strikinglycdn.com/files/4c430b2a-5d59-4ac1-be0f-476fc9eaa48e/internal_auditing_standards_for_the_philippine_public_sector_manual.pdf
    • https://uploads.strikinglycdn.com/files/0d9c1aa8-bf14-46fb-b0de-fe301e63c78b/powepo.pdf
    • https://uploads.strikinglycdn.com/files/599b55ad-e52e-423e-9d50-78ee4ea31302/71738652851.pdf
    • http://zitasixan.atwebpages.com/62863108557.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000ef09.bin
    SHA-256: 5b63dc74773e15d9fb92f4b8cd0f18de696c1825b8e4bd5b1a7ca5e3b0f98351
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xEF09
    Size: 5376 bytes
  • Filename: font_01_sfnt_off0001016b.bin
    SHA-256: dc9e96b57f2fd6b2c7fb4b3aa54269564e1c29d05b6a49c8dd4c2273604b0311
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x1016B
    Size: 10800 bytes