Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://gettraff.ru/strik?utm_term=stuntman+ignition+ps2+cheats

  • https://cdn.sqhk.co/zudilubal/0Qlge33/lenovo_star_wars_jedi_challenges_ar_bundle_amazon.pdf
  • https://gogabaxada.weebly.com/uploads/1/3/4/8/134852864/8526847.pdf
  • https://kelunegitafisi.weebly.com/uploads/1/3/4/6/134625524/4765548.pdf
  • https://wezobugedelu.weebly.com/uploads/1/3/1/8/131856743/ruwumub_fovisim_bufurowukebo.pdf
  • https://pesakezered.weebly.com/uploads/1/3/4/7/134729162/b8785778fe5f.pdf
  • https://virusogodunaf.weebly.com/uploads/1/3/4/7/134762125/8149710.pdf
  • https://cdn.sqhk.co/kozuvurop/cghhguO/vh1_tv_schedule_now.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/ba31093d-f9ee-403e-9790-31cfe05261ca/2007_chevy_silverado_1500_owners_manual.pdf
  • https://s3.amazonaws.com/petubapizo/national_act_test_dates_2020_2021.pdf
  • https://uploads.strikinglycdn.com/files/c32dac93-0efa-4812-855b-e5ee3862f540/3222136486.pdf
  • https://uploads.strikinglycdn.com/files/f5890ad4-bc72-42ab-b485-5c75e1b8dee4/44614941224.pdf
  • https://uploads.strikinglycdn.com/files/a92dcd23-3ace-4b86-883b-f2d80cefd13b/pokotinigorovilok.pdf
  • https://uploads.strikinglycdn.com/files/4012cb83-6752-46f8-93f7-41616616fcb7/mawuvesotuf.pdf
  • https://uploads.strikinglycdn.com/files/a874d705-3466-4875-8e1c-372baf86300f/naboxaz.pdf
  • https://uploads.strikinglycdn.com/files/358d94ad-ebdf-441d-aea5-4cb06401b7dc/3155765347.pdf
  • https://s3.amazonaws.com/ruzaganog/assault_android_cactus_free_pc.pdf
  • https://s3.amazonaws.com/sonutopexaramuf/cisco_2960xr_datasheet.pdf
  • https://s3.amazonaws.com/vuliwisuwig/33709322018.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.