Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://traffset.ru/strik?utm_term=starz+free+preview+on+hulu PDF link annotation

  • https://cdn-cms.f-static.net/uploads/4494435/normal_5fbbb296b982d.pdfIn PDF document text
  • https://cdn.sqhk.co/gerukoso/bgjjdVY/sara_cooking_games_online_ice_cream.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4473419/normal_5fb8d8549ab3b.pdfIn PDF document text
  • https://tedisizizifem.weebly.com/uploads/1/3/4/2/134235801/bumokomitolip-bomabuxujer.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/950cbbff-412d-4d05-b6c0-6bfdaf042afe/st_elizabeth_hospital_youngstown_ohio_medical_records.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a6506316-3768-494d-b3b5-aad29be14710/67279463008.pdfIn PDF document text
  • https://s3.amazonaws.com/leguvefu/ganpati_atharvashirsha_free_download.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/86aa53ec-4d43-4a37-b33b-7fe0c48890e8/13023120175.pdfIn PDF document text
  • https://s3.amazonaws.com/memobofilenabon/bifomasuxevudimogifaper.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/75273dd1-874c-4b65-b8b2-f52b6cda2070/ufc_242_stream_free.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.