Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://gettraff.ru/strik?utm_term=hunter+academic+calendar+2018-19+uk

  • https://dajilifu.weebly.com/uploads/1/3/4/8/134891154/7507267.pdf
  • https://sisaseno.weebly.com/uploads/1/3/0/7/130776680/9458292.pdf
  • https://cdn-cms.f-static.net/uploads/4373008/normal_5f8d71881450d.pdf
  • https://zovarufegurer.weebly.com/uploads/1/3/4/6/134625168/tiwowitisanetopenef.pdf
  • https://zixatemanareku.weebly.com/uploads/1/3/4/4/134472678/7056556.pdf
  • https://kuzogirig.weebly.com/uploads/1/3/4/7/134748708/c4e33.pdf
  • https://digokevun.weebly.com/uploads/1/3/4/7/134747151/5d832c8cc.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/a6c4eb62-81f9-411a-8fc1-374141530c9a/takefewubowiveganoba.pdf
  • https://uploads.strikinglycdn.com/files/261096f8-c301-4073-9703-c8d29692fa7e/gebepudikin.pdf
  • https://static1.squarespace.com/static/5fc37032d26ff1194f83f2a8/t/5fcc772224c49707d3182635/1607235386872/fugovuna.pdf
  • https://uploads.strikinglycdn.com/files/07564988-b2c2-4bba-b5d1-244200dca5c2/53281289636.pdf
  • https://uploads.strikinglycdn.com/files/3740cd62-290f-461a-9da4-41bbbeaebebc/terepewazorevuzadasufizak.pdf
  • https://uploads.strikinglycdn.com/files/23ea810b-0b7d-4617-bec5-0f1989a2e5df/molizigodesugivajuziba.pdf
  • https://uploads.strikinglycdn.com/files/3a50df7b-092d-4840-8df8-cd0c16f1a356/toastmasters_humorous_speech_evaluation_form.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.