Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ggtraff.ru/aws?utm_term=charlie%2527+s+angels+movie+2019+parents+guide In PDF document text

  • https://cdn-cms.f-static.net/uploads/4374843/normal_5f8914fbe96d5.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/c5047163-6dd3-47fd-b3ce-4c63f51e7ca9/blowin_smoke_shop_lecanto_fl.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/af2a55c6-2324-45c5-b183-0bf8014c7f83/bankersadda_monthly_current_affairs_in_hindi.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fcdf665e68b41342baa4c43/t/5fceee1c8b174454e992751a/1607396896929/ear_wax_removal_walk_in_clinic_near_me.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc0f24c403f5353fd95fd42/t/5fc162ca3c6ccf69f3921541/1606509258704/1176957741.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc7ad01849d1727bc13d9ef/t/5fd60d99034a586a4f3a0d37/1607863706265/android_smart_phones_below_5000_4g.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc0b63bab79f442f228a4c9/t/5fc17a0f3570fb44d13a9d41/1606515216917/wowesotujaxujanovurisu.pdfIn PDF document text
  • https://s3.amazonaws.com/rufonali/view_instagram_private_free.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc0d8d024b06a7eb3fedc56/t/5fc218ba9d79364840d5732f/1606555835048/bowman_3_unblocked.pdfIn PDF document text
  • https://s3.amazonaws.com/nefunupu/customizable_bookmark_template_free.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/8e4e3a2c-940f-4077-946b-473d964cfb71/vopisavu.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/c3403755-ef5f-47bc-beea-1376862a875c/72728673163.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc0e92a0a2757459be2ed0b/t/5fc1c6463570fb44d144a401/1606534732608/pawarajoxufab.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc295592e34347c704ee7b0/t/5fc662497acac6192a9ccf1c/1606836809931/my_talking_cat_koko_mod_apk_old_version.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc007c924b06a7eb3fa3bc3/t/5fc6ef27a038a451bcdf924a/1606872872428/58833495921.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.