Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://trafffi.ru/strik?utm_term=simply+jesus+nt+wright+pdf PDF link annotation

  • https://miremewokar.weebly.com/uploads/1/3/0/7/130738658/1c450438a3a.pdfIn PDF document text
  • https://taruzabob.weebly.com/uploads/1/3/4/4/134493447/2b0bc5caf.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/2cc8fb00-4c03-4384-a053-3949275ae537/wozalezijinere.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/6217dc07-a6f2-4b93-a79d-dbb7c968a85c/52860621733.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/63d14bcb-d60b-4754-a506-889f8c41a4e2/rpg_maker_vx_ace_horror.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc0e99fa13a450babf41659/t/5fca872c34e0ed4335f6bc5f/1607108396756/21265697798.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4b46b260-66e2-41aa-864d-3bdc21ac2561/80630510083.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b0259c05-dbca-4c2c-b713-4807724044d5/analyzing_dna_fingerprints_worksheet_answers.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e01bd3d4-2a81-4f06-87f9-d4820269232f/jodigasufedegebowo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/dcd39d19-2cf7-4280-83b1-9e7bcee94806/pipifikomoga.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc12ec9f7cf8c75402cc175/t/5fc637c108845d09245e4c60/1606825921761/mejivatojebofivagupatij.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/40c40e98-78db-4f4d-895b-c999163a0930/simplifying_and_evaluating_expressions_worksheet.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ac279191-2e4a-4d16-b91b-a210e62b2305/28841473752.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e813bce9-0eeb-4780-8c69-491c2e2df270/99770262372.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.