Malicious PDF — malware analysis report

Static analysis result for SHA-256 c769fc8c58e7e744…

Verdict: MALICIOUS
File type: PDF
Size: 74.3 KB
Created: 2020-12-18 10:14:11 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-11-23
MD5: 1b0893592873be915a879810ad456551
SHA-1: ee9e3e026c48aaf5638182154b8113aa846c0b30
SHA-256: c769fc8c58e7e744a1c445c98bf2c7ab450966eb0bd755ac327cf2e195e970c6
Risk Score: 214

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.007 JavaScript

The PDF file contains a large number of clickable links, many of which point to known malicious redirectors or form part of a link farm built for SEO manipulation. The primary malicious URL identified is 'https://ggtraff.ru/strik?utm_term=to+kill+a+mockingbird+chapter+26+summary+shmoop', which is flagged as a malicious redirector. The document's purpose is therefore to route users who click through to attacker-controlled sites, most likely for phishing or malware distribution; the file itself shows no parser-exploit content, so the risk depends on user interaction and the redirect chain behind the links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (5)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content (JavaScript, launch or open actions, and similar).
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL                                                                                                  Channel
    • https://ggtraff.ru/strik?utm_term=to+kill+a+mockingbird+chapter+26+summary+shmoop                  PDF document text
    • https://mulodunewumil.weebly.com/uploads/1/3/4/3/134314444/47f7a896ab.pdf                          PDF document text
    • https://petenugilamabo.weebly.com/uploads/1/3/1/4/131453278/c4c0416a1fbc5.pdf                      PDF document text
    • http://www.ascendercorp.com/                                                                       PDF document text
    • http://www.ascendercorp.com/typedesigners.html                                                     PDF document text
    • https://static1.squarespace.com/static/5fc6c096c89b935f15dd7edf/t/5fd17f5f23f2866aa38061f7/1607565152245/corrugated_box_company_profile.pdf    PDF document text
    • https://uploads.strikinglycdn.com/files/49294510-e7a1-434c-a93a-3e6d563b9fb9/poxeki.pdf            PDF document text
    • https://static1.squarespace.com/static/5fce1d253b4ad40d4a7f5bec/t/5fd6a7140f11661d4c36b61f/1607902996269/24779667986.pdf    PDF document text
    • https://uploads.strikinglycdn.com/files/14eec6fd-89b4-4c09-85cb-940d83d4c96a/98410366439.pdf      PDF document text
    • https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbd14c55dd8cf232ed127c0/1606227143196/black_pearl_wow_3.3_5_wotlk.pdf    PDF document text
    • https://uploads.strikinglycdn.com/files/8527c957-3d59-4993-a130-7f741bcad247/latino_boy_gay_porn.pdf    PDF document text
    • https://static1.squarespace.com/static/5fc0e526c6229360ecacefcf/t/5fc1933e4f983757201b6b2a/1606521662777/natural_and_artificial_selection_gizmo_answer_key.pdf    PDF document text
    • https://uploads.strikinglycdn.com/files/643a2cfa-a227-4b69-9cfd-9f6bc20390c0/baxozebivivebu.pdf    PDF document text
    • https://static1.squarespace.com/static/5fc69e5d9955c744b563101b/t/5fca11ca2ae1264a0398bfef/1607078347246/uefa_champions_league_final_2020_tv_coverage.pdf    PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#                                                        PDF document text
    • http://purl.org/dc/elements/1.1/                                                                   PDF document text
    • http://ns.adobe.com/pdf/1.3/                                                                       PDF document text
    • http://ns.adobe.com/xap/1.0/                                                                       PDF document text
    • http://ns.adobe.com/xap/1.0/mm/                                                                    PDF document text
    • http://ns.adobe.com/xap/1.0/rights/                                                                PDF document text
    • http://scripts.sil.org/OFL                                                                         PDF document text
    Note: the w3.org, purl.org and ns.adobe.com entries are XMP namespace identifiers from the document metadata, and scripts.sil.org/OFL is the SIL Open Font License URL; the ascendercorp.com entries are a font vendor's site of the kind carried in an embedded font's name table. None of these are navigable link targets, and they should not be counted toward the link-farm or redirector findings. The weebly.com, squarespace.com and strikinglycdn.com .pdf links are the link-farm cluster.
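The three structural heuristics above (redirector host match, PDF link farm clustered on one host, and duplicate object definitions that only matter when the duplicate carries active content) are easy to reproduce on a raw file. The following Python is an added example written for this page, not the scanner's own code. It assumes a regex-based object walker (it ignores object streams, cross-reference tables and hex-string literals), an assumed set of "active content" dictionary keys, assumed thresholds of three .pdf links with at least 60% on one host, a denylist containing only ggtraff.ru (the host this report flags), and a constructed sample PDF that is not the analysed file.

```python
"""Added example: re-implement three of the report's PDF heuristics on a constructed sample."""
import hashlib
import re
from collections import Counter
from urllib.parse import urlsplit

# Hosts treated as known redirector infrastructure. ggtraff.ru is the host this
# report flags; a real deployment would pull this set from threat-intel feeds.
REDIRECTOR_HOSTS = {"ggtraff.ru"}

# Dictionary keys that make a PDF object "active" (assumed list for this example).
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/OpenAction", b"/AA", b"/SubmitForm")

# Crude object walker: 'N G obj ... endobj' in file order. Does not handle
# object streams (/ObjStm) or xref tables, which a production parser must.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
# Literal-string /URI values only; hex strings and escaped parentheses are skipped.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")

# Constructed sample, NOT the analysed file: four link annotations (one to the
# flagged redirector, three .pdf links clustered on one host) and object 8 0
# defined twice with different bodies, the later one carrying JavaScript.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R 7 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://ggtraff.ru/strik?utm_term=x) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example-host.invalid/uploads/1/a.pdf) >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example-host.invalid/uploads/2/b.pdf) >> >> endobj
7 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example-host.invalid/uploads/3/c.pdf) >> >> endobj
8 0 obj << /Length 0 >> stream
endstream endobj
8 0 obj << /Type /Action /S /JavaScript /JS (app.alert(1)) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""


def iter_objects(data):
    """Yield (num, gen, body) for every indirect object definition, in file order."""
    for m in OBJ_RE.finditer(data):
        yield int(m.group(1)), int(m.group(2)), m.group(3)


def extract_uris(data):
    """Return the /URI targets of URI link actions as text, in file order."""
    uris = []
    for _, _, body in iter_objects(data):
        if b"/S /URI" in body or b"/S/URI" in body:
            uris.extend(u.decode("latin-1") for u in URI_RE.findall(body))
    return uris


def redirector_hits(uris, denylist=REDIRECTOR_HOSTS):
    """URIs whose host is on the redirector denylist (PDF_MALICIOUS_REDIRECTOR_LINK)."""
    return [u for u in uris if urlsplit(u).hostname in denylist]


def link_farm_check(uris, min_pdf_links=3, min_host_share=0.6):
    """Flag many external .pdf links clustered on one host (PDF_SEO_LINK_FARM).
    Thresholds are assumptions for this example, not the scanner's values."""
    pdf_links = [u for u in uris if urlsplit(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlsplit(u).hostname for u in pdf_links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_count / len(pdf_links) if pdf_links else 0.0
    return {
        "pdf_links": len(pdf_links),
        "top_host": top_host,
        "top_host_share": share,
        "flagged": len(pdf_links) >= min_pdf_links and share >= min_host_share,
    }


def duplicate_objects(data):
    """Objects defined more than once with differing bodies (PDF_DUPLICATE_OBJ_BODY_INCREMENTAL).
    Reports what a first-wins and a last-wins reader would each resolve, and
    raises severity only when any of the duplicate bodies carries active content."""
    seen = {}
    for num, gen, body in iter_objects(data):
        seen.setdefault((num, gen), []).append(body.strip())
    findings = []
    for key, bodies in seen.items():
        digests = {hashlib.sha256(b).hexdigest() for b in bodies}
        if len(digests) < 2:
            continue  # identical re-definitions are not a confusion shape
        active = any(k in b for b in bodies for k in ACTIVE_KEYS)
        findings.append({
            "obj": key,
            "definitions": len(bodies),
            "distinct_bodies": len(digests),
            "first_wins": bodies[0],
            "last_wins": bodies[-1],
            "active": active,
            "severity": "critical" if active else "info",
        })
    return findings


if __name__ == "__main__":
    uris = extract_uris(SAMPLE_PDF)
    print("redirector hits:", redirector_hits(uris))
    print("link farm:", link_farm_check(uris))
    for f in duplicate_objects(SAMPLE_PDF):
        print("duplicate object", f["obj"], "severity", f["severity"], "active", f["active"])
```

On the constructed sample the redirector check returns the ggtraff.ru link, the link-farm check reports three .pdf links with 100% of them on one host, and object 8 0 is reported as a duplicate whose last-wins body carries /JavaScript while its first-wins body is an empty stream, which is exactly the shape where a first-wins sandbox renders harmless content while a last-wins viewer executes the script. On a real file, run the object walker over the decoded bytes of any object streams as well, or the duplicates hidden inside them will be missed.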

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                       Kind             Source                                      Size
font_00_sfnt_off0000e65b.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0xE65B   6028 bytes
  SHA-256: 139d4a466661c741564b1e923a540b1610e43e3dc4ebc414a646adc86b657a79
font_01_sfnt_off0000fab7.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0xFAB7   9936 bytes
  SHA-256: 0e793de2840a9138bcea47f7e798807b8f518e49cfd4b2de25a78f530a469b7a