Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://gettraff.ru/aws?utm_term=%25C3%25BCbungen+active+passive+englisch+pdf

  • https://wavuvavezexa.weebly.com/uploads/1/3/0/7/130775629/9f3901.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/53f74bfc-c26b-4984-a0fd-a3facb6619f1/tazusabo.pdf
  • https://uploads.strikinglycdn.com/files/72156c15-3d25-4d13-8852-f6af0fc64a21/gecenin_sonuna_yolculuk_zet.pdf
  • https://uploads.strikinglycdn.com/files/0f5a1b3e-e762-42fd-b966-398162b6f40c/magnus_chase_book_2.pdf
  • https://s3.amazonaws.com/tetazino/22028738540.pdf
  • https://uploads.strikinglycdn.com/files/ad1cc12f-815b-4e71-aa19-9e861dedc5a5/telf_joolam_wow.pdf
  • https://uploads.strikinglycdn.com/files/5945cf94-ab2f-4142-b35a-28ff241adb6b/28714137354.pdf
  • https://uploads.strikinglycdn.com/files/d41f1a7b-d247-4869-aacd-1f0b3c3557ec/zikod.pdf
  • https://uploads.strikinglycdn.com/files/87f9ab84-7a87-4117-8b9f-ab59b0baf7fc/76357605893.pdf
  • https://uploads.strikinglycdn.com/files/037f0aa2-ec84-44a4-824f-a8e59ac98f15/muscle_and_a_shovel_summary.pdf
  • https://uploads.strikinglycdn.com/files/9602f7c9-9355-4d12-9bea-15247b96b2eb/davawuvopasaj.pdf
  • https://uploads.strikinglycdn.com/files/75e9b117-6797-43f9-9d8c-575d486f316d/the_world_s_easiest_game_ever_cat.pdf
  • https://s3.amazonaws.com/jadudusujuje/98216664173.pdf
  • https://uploads.strikinglycdn.com/files/efb34cf7-3756-45e3-b614-8145052c4231/sudodo.pdf
  • https://uploads.strikinglycdn.com/files/83278e9c-56d8-4b61-a1cc-c4834ea2a140/cambridge_ingilizce_okuma_kitaplar.pdf
  • https://uploads.strikinglycdn.com/files/cf245b0b-a241-4fa3-b5a4-25bd398dd82f/pujexebin.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.