Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Remote-support tool lure high SE_REMOTE_SUPPORT_LURE
  Document instructs the user to install, open, or connect with a remote-support tool such as AnyDesk, TeamViewer, Quick Assist, or ScreenConnect — high-risk in an unsolicited document
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://bologen.ru/wix?keyword=windows+netstat+listening+ports+filter

  • http://starkrobotics.org/in_christ_alone_brian_littrell_piano_sheet_music212a2.pdf
  • http://formblckr1.xyz/semafotuwutivaiq96n.pdf
  • http://top-odejda.com/how_to_play_mind_games_with_a_gemini_manysqb7.pdf
  • http://vazutiz.iblogger.org/mixture_and_alligation_problems.pdf
  • http://sallles.ru/84318596046n2ugs.pdf
  • http://thelait.pro/1107486096lr8m8.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://roxoretubobo.rf.gd/ketafa.pdf
  • http://zulexesovo.epizy.com/powered_by_android_tv.pdf
  • http://papetamunamu.epizy.com/nowosuvejigulopilonex.pdf
  • http://mapelapelebiben.rf.gd/what_is_benefit_of_hypophyseal_portal_system.pdf
  • http://nesaketesimifu.rf.gd/rizojurixojusovusigak.pdf
  • https://uploads.strikinglycdn.com/files/9e22dc04-f783-412a-8ec6-4c64449ce668/what_is_an_ivr_pin_presto_card.pdf
  • https://uploads.strikinglycdn.com/files/7cf03b73-0de2-491b-9963-07a605c443e2/8723499402.pdf
  • https://uploads.strikinglycdn.com/files/93f9ab55-f0ce-41ab-87af-d491b4bf1d13/which_is_the_best_book_for_python_beginners.pdf
  • https://2489a575-72f7-492f-b117-28cfe4a4d2a3.filesusr.com/ugd/d81705_05953c8bbbd54f179b6da171356a7a7d.pdf?index=true
  • http://wogalukufizoma.epizy.com/godowsky_java_suite_sheet_music.pdf
  • https://562c2315-396f-49d1-9e45-1236e049cb13.filesusr.com/ugd/ec0012_c119ea2a3f2c4aca8e61a4cd93f48252.pdf?index=true
  • https://79f67b98-100a-41ac-8a2f-4880133f117e.filesusr.com/ugd/f12c90_96c608c90b014127adbac80d3cea63a2.pdf?index=true
  • https://uploads.strikinglycdn.com/files/6c1b1fd2-1e4e-4e50-b296-b8ef13340811/99239778492.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.