Malicious PDF — malware analysis report

Static analysis result for SHA-256 c5d2bf1e51582513…

Verdict: MALICIOUS

File type: PDF

Size: 108.0 KB
Created: 2021-04-05 13:32:02 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-11-24

MD5: 1a5fcf91278a7b2e876fc24ae7e70a57
SHA-1: 2ade7cad6550420a7b0e73af55a8fdfc76668e65
SHA-256: c5d2bf1e51582513b2d2c05c2a0e5e948171660a7440d1b72b95f711229317ae

Risk Score: 244

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF file was identified as malicious by ClamAV and an ML classifier; it contains numerous links to external resources. One critical heuristic indicates a link to known malicious redirector infrastructure, specifically `https://dafemum.ru/award?keyword=the+african+union+agenda+2020+pdf`. The document appears to be a link farm designed to lure users to potentially harmful sites, likely for phishing or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9994

Heuristics (6)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Small PDF is a non-clustered link farm on disposable hosting [medium] PDF_SEO_DISPOSABLE_LINK_FARM
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://dafemum.ru/award?keyword=the+african+union+agenda+2020+pdf (In PDF document text)
    • https://cdn.sqhk.co/wifinalimow/9jdNigE/steam_price_tracker_cn.pdf (In PDF document text)
    • http://moitender.org/veziwatidowexoremeriokzzw.pdf (In PDF document text)
    • http://claire-irk.ru/53782130371zbijc.pdf (In PDF document text)
    • https://cdn.sqhk.co/rejiwosujupa/NX3hdib/unblocked_games_66_at_school_basketball_legends_halloween.pdf (In PDF document text)
    • https://cdn.sqhk.co/dukasavubu/eKhjtGj/radiologist_technician_schooling.pdf (In PDF document text)
    • http://driveformclanemilwaukee.com/paper_doll_templaterij2s.pdf (In PDF document text)
    • http://www.ascendercorp.com/ (In PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (In PDF document text)
    • https://d0fd53c2-66a5-49f7-a942-a4bfc50892a3.filesusr.com/ugd/11baf9_585b39becb1545758b9414a78cdac550.pdf?index=true (In PDF document text)
    • https://ba428ff1-d53d-4eb5-bdb2-cc960067f420.filesusr.com/ugd/7041e4_ab116ad339eb47ff919685ce86a6a149.pdf?index=true (In PDF document text)
    • https://3745348a-78a0-42d7-8ff4-af2b45bf5faf.filesusr.com/ugd/02631b_d870b91ba7ce4721be5d2f1478b27370.pdf?index=true (In PDF document text)
    • https://42190e62-4dca-482d-a077-ae7b222d7779.filesusr.com/ugd/b91392_bce6f6a22b274afa9e95656221c3205f.pdf?index=true (In PDF document text)
    • https://9c789f27-b70c-4c9d-9e83-211ee8f99b38.filesusr.com/ugd/bdeb4c_e3cf527d3ab546bcb0fdd550d7393d03.pdf?index=true (In PDF document text)
    • https://8b2103c5-345b-48fd-98e3-f19c90c4efd0.filesusr.com/ugd/0e2875_a3cad48423bd432aa6b0b10f3513b697.pdf?index=true (In PDF document text)
    • https://9a1eab6f-da2d-4a41-99bb-18a59f11b130.filesusr.com/ugd/c2b690_26c3f3e599fc41e5a6c2cde0bd30d318.pdf?index=true (In PDF document text)
    • https://44034db3-6cdd-4729-adf3-7ccd6afcf354.filesusr.com/ugd/9fe9cc_f551f0f02dcf4dc9a55c1b307f92cfd5.pdf?index=true (In PDF document text)
    • https://923a8ca3-316b-4844-b38f-9bc955ad4852.filesusr.com/ugd/312e0e_057a9d5b91504f69802a82f670c906b9.pdf?index=true (In PDF document text)
    • https://a96990da-dd17-4b11-844c-aba2d588d1b6.filesusr.com/ugd/5e5e7b_0d6fcdbb1137430bb50e3eba9a814690.pdf?index=true (In PDF document text)
    • https://03df74f7-894d-4c84-999e-da2b33eb06f5.filesusr.com/ugd/4c7733_c640d0be59c04d758501cc1f6fc0becc.pdf?index=true (In PDF document text)
    • https://d9226533-59f4-4737-ae77-cfa9cdee5378.filesusr.com/ugd/d7c203_d01b4c6d9a9f4c1f99771e03925ebaf3.pdf?index=true (In PDF document text)
    • https://85d2c5a2-fc31-4f76-86b4-4ebe2abe2bf4.filesusr.com/ugd/a8cc01_05c2422020f4412680efc29d97d29ef5.pdf?index=true (In PDF document text)
    • https://40052bae-d6b0-4be3-9c84-96956a804c69.filesusr.com/ugd/32907c_6e64863d47464c2b94ffa564af58955a.pdf?index=true (In PDF document text)
    • https://4b523d79-2bc6-404f-8e52-0acae4d2cb03.filesusr.com/ugd/fe1b41_e36dba534e014081bceae3913b2c72f4.pdf?index=true (In PDF document text)
    • https://27f1a270-5048-4778-87f0-574dfe85248a.filesusr.com/ugd/b7306e_1d36a3f23d6044dcbdc7a5db066d2cb6.pdf?index=true (In PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (In PDF document text)
    • http://purl.org/dc/elements/1.1/ (In PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (In PDF document text)
    • http://ns.adobe.com/xap/1.0/ (In PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (In PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (In PDF document text)
    • http://scripts.sil.org/OFL (In PDF document text)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off00016822.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x16822
    Size: 5432 bytes
    SHA-256: 4327cd8e5fccf2035078d4b04c571ae80a89c10b1e372966171605013560f80a
  • Filename: font_01_sfnt_off00017a94.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x17A94
    Size: 11088 bytes
    SHA-256: 4bd73d37f1e8f4f2e578905e24020846e8a0c31ae13949ef6e07b5043e0c915b