Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• MFA / one-time-code harvesting lure high SE_MFA_LURE
  Document asks for a one-time code, authenticator approval, or MFA confirmation — consistent with credential phishing kits that steal session tokens or abuse multi-factor authentication
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ggtraff.ru/strik?utm_term=snoking+hockey+tryouts In PDF document text

  • https://goduvozimaku.weebly.com/uploads/1/3/1/3/131380582/gowixop.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://s3.amazonaws.com/tezofuretejom/42368201771.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc013a70a2757459bde56bb/t/5fcde12b74a40730fbbb7a02/1607328044557/kijawuwo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4118ad8a-351d-440b-8c19-f8e211b48091/ff14_paladin_guide.pdfIn PDF document text
  • https://s3.amazonaws.com/xefejevife/nutrition_taco_bell_7_layer_burrito.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc190673dfdd95b60d9d018/t/5fcdcc16e43f2b00a8c976f9/1607322646598/61568735822.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b3e6a568-82b2-4501-922b-b9232cbf5717/20938991972.pdfIn PDF document text
  • https://s3.amazonaws.com/pugomonapoxuxe/jivap.pdfIn PDF document text
  • https://s3.amazonaws.com/mexavofezoxi/chemical_quantities_chapter_6_test_answers.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc7b3e8d8e4f4479968ac2c/t/5fcd7b03d235d37878dc1fbd/1607301892565/gaforududefubemobofojebu.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc52fdb5687f52b6b9d2ab4/t/5fd63b0113a48350e80cd447/1607875329444/agenda_template_for_students.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fbfb2312cf09257bd651d14/t/5fc460d82dd96f5918798eb0/1606705368665/drawing_vk.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.