Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://yafferge.ru/123?utm_term=cardiorenal+syndrome+pdf

  • http://jenuxijaf.mygamesonline.org/the_complete_works_of_swami_vivekananda_drive.pdf
  • http://xeratigike.medianewsonline.com/texutilonuxudiwuturaro.pdf
  • https://cdn-cms.f-static.net/uploads/4451755/normal_601996fa97b01.pdf
  • https://static.s123-cdn-static.com/uploads/4454184/normal_60078c25d7bf5.pdf
  • https://static.s123-cdn-static.com/uploads/4467601/normal_5fe5bb42b4f98.pdf
  • https://static.s123-cdn-static.com/uploads/4447097/normal_5fe16b0d9e5f1.pdf
  • http://bixuvukulizolu.22web.org/resumen_de_el_libro_la_ciencia_de_hacerse_rico.pdf
  • http://dekagexagupeje.iblogger.org/film_habibie_ainun_2016_lk21.pdf
  • http://bafedudovodamo.medianewsonline.com/union_bank_cheque_book_request_form.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://gerekuvuburase.epizy.com/adda247_general_awareness_book.pdf
  • https://s3.amazonaws.com/tuxutedi/child_care_consent_form.pdf
  • https://30c0d994-bee2-4d79-bc91-d4aaa7251653.filesusr.com/ugd/0962d9_0120d1007d71474fa797e123e38c7b50.pdf?index=true
  • https://3d3b31fc-6152-41c7-b1d4-a4af3afcce63.filesusr.com/ugd/3f8d85_79d27a062a8a40e3a1022f3806594430.pdf?index=true
  • https://uploads.strikinglycdn.com/files/c49b6350-0a57-4686-acff-30e7b5a1cfc2/how_best_to_describe_the_moon.pdf
  • https://uploads.strikinglycdn.com/files/e7c091b3-6c1b-403c-80dd-a1148cda27bf/vitamix_5200_blender_pitcher.pdf
  • https://11484d69-1612-41b9-9199-165df1f08223.filesusr.com/ugd/e2f197_85e3569acfef464c98048fe8f3f7c696.pdf?index=true
  • https://167c8e7b-8160-49a2-a88e-f26749d647c8.filesusr.com/ugd/1ad47d_26f5a1bf995c47b69343b9aa0927746e.pdf?index=true
  • https://9df6e0af-a028-4e88-91ba-61a1b37318d5.filesusr.com/ugd/7c1f05_d823ac2c994a48d087a136da73c4af37.pdf?index=true
  • https://s3.amazonaws.com/wobuzisibal/army_opord_back_brief_format.pdf
  • http://mimulumila.rf.gd/kuxikoxojipixugo.pdf
  • https://uploads.strikinglycdn.com/files/e2140648-9a15-4e3f-ba02-9b9ac1ad33c5/20823889819.pdf
  • https://uploads.strikinglycdn.com/files/e4612b23-d8a2-4511-8a2d-bbb4ccb7a0c4/does_charlie_die_in_flowers_for_algernon.pdf
  • https://uploads.strikinglycdn.com/files/a651d457-ba74-40b3-85ff-4571a71276d9/oster_turbo_convection_oven_instruction_manual.pdf
  • http://fofuxolisemaxim.epizy.com/how_much_do_cleaners_get_paid_per_hour_uk.pdf
  • https://s3.amazonaws.com/dusined/tropical_house_2019.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.