Malicious PDF — malware analysis report

Static analysis result for SHA-256 a828611c7ec9b642…

Verdict: MALICIOUS
File type: PDF
Size: 72.5 KB
Created: 2020-12-01 07:16:04 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-06-20
MD5: e91bc9795e0bdf3169af66dfb44d4233
SHA-1: 523ae29d38f1288fe9ee6106e8e80fef4665004d
SHA-256: a828611c7ec9b6426baf6b7a895ee08887ba658cb4a59be67a8d4a791b01dd51
Risk score: 154

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://traffmen.ru/123?utm_term=esp8266wifi.h+library+install'. ML classification and ClamAV also flagged this file as malicious. The document body is heavily obfuscated, but the presence of embedded URLs and the redirector link strongly suggest a phishing or malware delivery attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK)
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL / channel:
    • https://traffmen.ru/123?utm_term=esp8266wifi.h+library+install (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4408997/normal_5fa0fda697f42.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4368746/normal_5f8f995909a53.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4371799/normal_5fafb67864e4e.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4427526/normal_5fa2aeef46e45.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4472775/normal_5fb41a2b3ee16.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://uploads.strikinglycdn.com/files/2a4846bd-0c70-4542-96cc-4586dadf799d/mekipiz.pdf (in PDF document text)
    • https://s3.amazonaws.com/befevifa/driver_booster_free_download_4.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/e956ad4d-ce03-4152-b87a-cf861b9f7b7f/gusawapukorijususiteve.pdf (in PDF document text)
    • https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbcf2162edfcd2bda907be8/1606218263624/1635987786.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/068c3707-fbd3-4b4b-b63d-7aa595a56ae9/magezixozupux.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/84f44bea-10b1-41ed-b005-46400996e609/starcraft_beginners_guide.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/454a4ff8-5e14-4e38-b6ba-4457ff919075/balatob.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/a07710a0-b58f-4d92-b3ad-cc70e5ec16ec/nanexezizasisimomav.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/b7727817-97aa-4660-b89f-4a179a7aed0e/download_game_hacker_apk_no_root.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/0419f1a2-e942-4225-9bcc-3697a43677cf/fudolifibowafalebilewu.pdf (in PDF document text)
    • https://static1.squarespace.com/static/5fbfdd38a3bf4b14aba341ea/t/5fc196f6eaf37e3b64d85b40/1606522614756/pusaburewa.pdf (in PDF document text)
    • https://s3.amazonaws.com/lomiwexuva/employee_contract_letter_template.pdf (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000d944.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xD944
    Size: 5792 bytes
    SHA-256: 12172546b2704ddfe2ca6804bd71bb60f41b8c9795cbc9f30f7be5e969a4a032
  • Filename: font_01_sfnt_off0000ed16.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xED16
    Size: 11852 bytes
    SHA-256: f5637a7d66fb7062dac7ca70db443c9d99992a0340c24a49efadaf6bf181a5d1