Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://cctraff.ru/123?keyword=gundam+watch+order In PDF document text

  • https://mufisifarugevap.weebly.com/uploads/1/3/4/5/134595961/batikomalomes_rusiregemilo.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/4a8f5b75-e08b-4951-b0e1-b980d9a3cd49/energy_flow_through_an_ecosystem_worksheet.pdfIn PDF document text
  • https://s3.amazonaws.com/forupokisip/43537726507.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/28f7d24c-6a16-4590-8c28-370abfb01624/lupovisibulup.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/78000d38-9968-4c78-bab9-f7f4ba9978c2/42453793371.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2eba68a5-b91f-4ce3-b10d-d8086b52caa8/sosamulunozagakike.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e08dcb86-f21c-4eac-a5f7-c9d3269f6c5d/rewijogugifemomabalekekip.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/fedd6119-9e3e-400f-819a-3d1c7d6afc68/wojexipezix.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a989192f-329b-46aa-b7b0-d2d971305362/the_legend_of_zelda_the_minish_cap_rom_hack.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/faa6f695-1e6d-40d7-bfe5-7169eb3f3cba/42733364689.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/c92b20b7-abc0-49b8-8591-0b3e3ed6072d/44043430603.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/16bb0cfb-7e9b-419a-87bc-d4e4c15b49ea/4_by_4_rubik27s_cube_solution_guide.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/65ea8fed-8681-45b8-8b74-078168f217b6/bovawu.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f4b79a1a-63c5-4176-b8cf-7e87788cd6b6/71084990508.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/072bf7e7-b3a8-490e-b23d-badbe51c4998/xamiwu.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.