Malicious PDF — malware analysis report

Static analysis result for SHA-256 6565cb2598f54575…

Verdict: MALICIOUS
File type: PDF
Size: 50.6 KB
Created: 2020-12-11 15:31:20 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 16d8e5422a2cabe77d943fae883f2903
SHA-1: fb8f5bdbd682241a2587b4245863ff33b02a4031
SHA-256: 6565cb2598f5457539b408d78410284e0726cc892dffcfa85c4ff7161bc9efe5
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF triggers a heuristic for a malicious redirector link pointing to 'https://gettraff.ru/aws?utm_term=quiz+logo+game+answers+level+3+usa'. The document body, though heavily obfuscated, appears to be related to quiz answers, suggesting a lure intended to get users to click the malicious link. ClamAV also detected this file as Pdf.Phishing.Trojan.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5294

Heuristics (3)

  • PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • URL https://gettraff.ru/aws?utm_term=quiz+logo+game+answers+level+3+usa
    • https://sobopagugakevul.weebly.com/uploads/1/3/4/8/134881985/rakomud_jodifosumobewu_kanerurisem.pdf
    • https://zafozudakajadev.weebly.com/uploads/1/3/0/8/130814863/xujewonagamaxu.pdf
    • https://jukafubu.weebly.com/uploads/1/3/0/8/130874261/276400.pdf
    • https://pojarepuvoweru.weebly.com/uploads/1/3/3/9/133999230/7367601.pdf
    • https://s3.amazonaws.com/jepinebawo/l_blends_sort.pdf
    • https://uploads.strikinglycdn.com/files/ef70c4d7-dee1-4385-8f4d-a8ccf52ed477/gana_sudhakar_video_song_download.pdf
    • https://uploads.strikinglycdn.com/files/68d5e60e-c026-463d-b5ff-1f4fb22287d8/under_penalty_of_perjury_in_spanish.pdf
    • https://s3.amazonaws.com/dejolavubukugeb/bas_bajna_chahiye_gaana_ringtone.pdf
    • https://uploads.strikinglycdn.com/files/25aa4be5-d96e-4d5e-ba1f-88199e2da25c/73688137062.pdf
    • https://uploads.strikinglycdn.com/files/326f0556-9958-4863-886e-71bafa6aab13/high_density_fiberboard_home_depot.pdf