Malicious PDF — malware analysis report

Static analysis result for SHA-256 0d3bdec01be22c9a…

MALICIOUS

PDF

Size: 417.3 KB
Created: 2022-04-12 13:49:28 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2026-06-14
MD5: b354ea1e7a8ac42fe2add420d2d4678c
SHA-1: 9d7763e480b364cc730884e175568a6748f8c1ee
SHA-256: 0d3bdec01be22c9ae76e9199bee8bf2293d2aa8da214cd5f55b5d91cca0fc27b
Risk Score: 106

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3518

Heuristics (5)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image lure linking to an SEO redirector (free-download phishing) [high] PDF_SEO_UTM_REDIRECTOR_LINK
    PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector, i.e. the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL (channel)
    • https://cafij.co.za/XSRYdR1H?utm_term=captain+marvel+trailer++mp4 (PDF link annotation)
    • http://ruouvangnhapkhau.top/admin/webroot/upload/image/files/31211101909.pdf (in PDF document text)
    • https://kipokemob.weebly.com/uploads/1/3/0/7/130738996/696908.pdf (in PDF document text)
    • https://ginarelerojafu.weebly.com/uploads/1/3/2/8/132814261/tuxamubofof.pdf (in PDF document text)
    • https://jenosexafunira.weebly.com/uploads/1/3/4/6/134686035/97aa9e.pdf (in PDF document text)
    • https://mugafurevokez.weebly.com/uploads/1/3/4/8/134894013/xefakobonen_jirexapifupare_tetuniganotiv.pdf (in PDF document text)
    • https://bowixasexagat.weebly.com/uploads/1/3/4/0/134041419/de8d7b654ee5.pdf (in PDF document text)
    • https://gadogirunen.weebly.com/uploads/1/3/5/3/135347667/tifakutovobidub_migat_ganixabuf.pdf (in PDF document text)
    • https://bagugesi.weebly.com/uploads/1/3/0/7/130775983/jovapesu.pdf (in PDF document text)
    • https://wadezadoli.weebly.com/uploads/1/3/0/9/130970015/pejarugaxuxuf-zusanagereban-dedavirox-tofovizebo.pdf (in PDF document text)
    • https://sisezapude.weebly.com/uploads/1/3/1/3/131398367/2f21d3f9f3310.pdf (in PDF document text)
    • http://kaav.org/kcfinder/upload/files/12624620884.pdf (in PDF document text)
    • https://ziduxaxeg.weebly.com/uploads/1/3/1/3/131380546/3efc7a0f96a9e.pdf (in PDF document text)
    • https://vogowixikep.weebly.com/uploads/1/3/4/3/134323827/nuxewe_gulizavoxudi.pdf (in PDF document text)
    • https://tatefazaseg.weebly.com/uploads/1/3/4/0/134016926/7009489.pdf (in PDF document text)
    • https://canevastoilestjean.com/upload/editor/file/bulofa.pdf (in PDF document text)
    • http://szentdorottyapatika.hu/files/69345333383.pdf (in PDF document text)
    • https://bidukupe.weebly.com/uploads/1/3/4/3/134348295/8243719.pdf (in PDF document text)
    • https://macintosh-szerviz-javitas.nuttydog.hu/ckfinder/userfiles/files/91710166377.pdf (in PDF document text)
    • https://bluetact.com/ckfinder/userfiles/files/xaniju.pdf (in PDF document text)
    • https://razotipelemato.weebly.com/uploads/1/3/0/7/130738732/c0f5bf.pdf (in PDF document text)
    • https://zisovubuzuteb.weebly.com/uploads/1/3/6/0/136086112/1486150.pdf (in PDF document text)
    • https://akemi.ro/hirek/file/suputafojedeliwesu.pdf (in PDF document text)
    • https://fadagesaxe.weebly.com/uploads/1/3/4/5/134587500/towiku.pdf (in PDF document text)
    • http://ge-mak.com/files/dipevuraxobirozojaposew.pdf (in PDF document text)
    • https://virutabadipepuv.weebly.com/uploads/1/3/1/3/131398083/jolexul-miwiluk.pdf (in PDF document text)
    • https://wafonogu.weebly.com/uploads/1/3/4/3/134376542/wofedodera.pdf (in PDF document text)
    • https://xikodixugab.weebly.com/uploads/1/3/4/7/134707070/dususomiwufapo.pdf (in PDF document text)
    • https://zapidowezagija.weebly.com/uploads/1/3/4/0/134041255/c635ac0c55.pdf (in PDF document text)
    • https://lasaputuvawejep.weebly.com/uploads/1/3/5/3/135314153/nusapofulexufiwegov.pdf (in PDF document text)
    • https://pevivifigevesiw.weebly.com/uploads/1/3/5/3/135315965/kojedasujulakiwage.pdf (in PDF document text)
    • https://magenudelekoj.weebly.com/uploads/1/3/5/9/135975171/2132393.pdf (in PDF document text)
    • https://panebafizi.weebly.com/uploads/1/3/4/3/134365464/539f0ae21c45.pdf (in PDF document text)
    • http://clinicaveterinariacene.com/userfiles/files/lowanagiz.pdf (in PDF document text)
    • https://itchanoi.vn/uploads/news_file/70088415335.pdf (in PDF document text)
    • https://foxibujabav.weebly.com/uploads/1/3/4/5/134508678/d807be91a8b4f.pdf (in PDF document text)
    • https://wimejevufafej.weebly.com/uploads/1/3/4/3/134379448/584718.pdf (in PDF document text)
    • https://kovepezerolozu.weebly.com/uploads/1/3/1/4/131483153/3282444.pdf (in PDF document text)
    • https://valiwuvubeke.weebly.com/uploads/1/3/4/6/134694219/tasofi.pdf (in PDF document text)
    • https://buxapuwale.weebly.com/uploads/1/3/2/8/132815799/110a2.pdf (in PDF document text)
    • https://lobuponumabezi.weebly.com/uploads/1/3/4/5/134508668/3247718.pdf (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://dejavu.sourceforge.net (in PDF document text)
    • http://dejavu.sourceforge.net/wiki/index.php/License (in PDF document text)

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000614c3.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x614C3
  Size: 18828 bytes
  SHA-256: 1cc93b634f749e58dbb78376007581d4f0a83bc891856dc2974277155c8beab9

Filename: font_01_sfnt_off000645ca.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x645CA
  Size: 16792 bytes
  SHA-256: 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1

Filename: font_02_sfnt_off00065de1.bin
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x65DE1
  Size: 10300 bytes
  SHA-256: f966b84eb836e2137a23d9b9cbfbd35cedc29bd89e65df321624941d3fa4a81f