Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://cctraff.ru/aws?utm_term=israel+beresheet+selfie

  • https://cdn-cms.f-static.net/uploads/4407313/normal_5f9c0acd64e09.pdf
  • https://cdn-cms.f-static.net/uploads/4384817/normal_5f8e6c174bc8e.pdf
  • https://cdn-cms.f-static.net/uploads/4404966/normal_5fa644a29b3e7.pdf
  • https://cdn-cms.f-static.net/uploads/4411490/normal_5fa965b23a340.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://static1.squarespace.com/static/5fc10aaaf9866f3fd2d521c0/t/5fc27686eaf37e3b64ebe7bd/1606579846913/run_4_unblocked_games_google_sites.pdf
  • https://uploads.strikinglycdn.com/files/4e923b09-545c-43ba-88a5-a9ee3a437ec7/r_2007scape_mod_jed.pdf
  • https://static1.squarespace.com/static/5fc1a9b80b6b03258f3af046/t/5fc58443f81c9a2a0c5fea34/1606779975250/maniac_magee_summary.pdf
  • https://uploads.strikinglycdn.com/files/1407ddfc-adce-4ea7-afe3-535d7b98df05/chemistry_8th_edition_zumdahl.pdf
  • https://uploads.strikinglycdn.com/files/2d13e55b-a48d-4cb2-a334-83b462a3d93e/scoutbook_parent_guide.pdf
  • https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbf494c4f98375720d65679/1606371660384/webster_ashburton_treaty.pdf
  • https://uploads.strikinglycdn.com/files/f8d43a0e-4d23-43c9-abd1-992732d5241e/domixunalumu.pdf
  • https://static1.squarespace.com/static/5fbffb1ae9fc3622d51d09b9/t/5fcd21cac00f007ceaefa2d9/1607279050668/96710256143.pdf
  • https://uploads.strikinglycdn.com/files/a59ea324-4a21-405a-bf63-c13f5b769b81/siemens_simodrive_611_fault_codes.pdf
  • https://uploads.strikinglycdn.com/files/ed622a2d-8aeb-440f-acd5-3c94e8e54256/81298506350.pdf
  • https://static1.squarespace.com/static/5fc328402e537a05ef17c917/t/5fc8144543b29e7a5ae63656/1606947910218/magic_rampage_secret_areas_3-_7.pdf
  • https://static1.squarespace.com/static/5fc0e46f24b06a7eb3ff1788/t/5fc73ddebfb90028be4df509/1606893024081/scruffy_meaning_old_english.pdf
  • https://static1.squarespace.com/static/5fc114532bbd74065807882e/t/5fc17291a97599144e2e0b91/1606513298784/david_ruiz_obituary.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.