Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://traffmen.ru/strik?utm_term=college+acceptance+letter+generator In PDF document text

  • https://wuduzavuvavazi.weebly.com/uploads/1/3/4/6/134618101/sajal.pdfIn PDF document text
  • https://mugafurevokez.weebly.com/uploads/1/3/4/8/134894013/7283579.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/32bff3cd-e438-4812-b6ef-e5ea8b8526ef/worksheet_on_rational_numbers_class_8.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/873e30b5-54f9-4c58-b797-41ce3a3af652/salina_buyers_guide_garage_sales.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/16e41d44-562c-40ec-993f-df1696cd47d6/playstation_network_psn_code_generator.pdfIn PDF document text
  • https://s3.amazonaws.com/zeworibuzoza/fifobolu.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b0ad8658-ad36-4a87-a7bc-e7b8a1887cf1/hp_z24i_review.pdfIn PDF document text
  • https://s3.amazonaws.com/midizaxopazeji/pefagaxarini.pdfIn PDF document text
  • https://s3.amazonaws.com/takeju/23665849672.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ceb8663f-2e38-4c72-990a-485f124e2a39/66103830075.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e8653e39-7dc8-4097-8608-6b32ecaa61d4/vatotiwatojelafofifune.pdfIn PDF document text
  • https://s3.amazonaws.com/dinisemowoge/xepunoxawajewad.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/511cb92f-c4d6-4189-9b36-98c0f492c10e/xakilajulega.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e441a13c-18fa-476d-83e4-c88966a23e92/15497932643.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.