Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ggtraff.ru/strik?utm_term=ludo+king+online+cash+game In PDF document text

  • https://cdn-cms.f-static.net/uploads/4469617/normal_5fb2be17b1051.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4370764/normal_5f9f313ed9649.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/988f74f2-350c-492e-ade1-8fee62b34ba0/contrast_the_terms_ecology_and_environmentalism.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f867d409-2e2e-4d59-9cb0-ec536181eedd/crosman_1322_trigger_upgrade.pdfIn PDF document text
  • https://s3.amazonaws.com/tuxutedi/afules_correct_spelling_answer.pdfIn PDF document text
  • https://s3.amazonaws.com/polojuliragam/khufra_skill_guide.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/582db202-42fb-4300-86b2-4fe026388d06/scientific_method_data_analysis_worksheet.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/61c28aa0-ac05-4fec-b310-96c79b9bc14b/62340646656.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e32963c9-78f4-4c36-86cf-cd8c82617d6a/98790119295.pdfIn PDF document text
  • https://s3.amazonaws.com/tubupejevomo/aspirina_protec_en_el_embarazo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e1e721f2-5ff0-4385-a88b-e50cb45ea508/vexapumewise.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/00180503-bdad-45cc-9057-93724be8bd56/dogodude.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4aa03dbe-d874-41ca-bf3d-0e3640e652d1/87750708300.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ecbe1a5e-5620-43cb-bc93-e4d9591ecd75/45615682923.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.