Malicious PDF — malware analysis report

Heuristics 3

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://traffmen.ru/aws?utm_term=bitbucket+api++repo

  • https://cdn-cms.f-static.net/uploads/4450243/normal_5fa62ace040df.pdf
  • https://cdn-cms.f-static.net/uploads/4451025/normal_5fafdede3d956.pdf
  • https://cdn-cms.f-static.net/uploads/4376858/normal_5f8ca9688e00d.pdf
  • https://cdn-cms.f-static.net/uploads/4445325/normal_5fa51c9222772.pdf
  • https://cdn-cms.f-static.net/uploads/4365652/normal_5f86f63894510.pdf
  • https://cdn-cms.f-static.net/uploads/4389823/normal_5f8fed277ec4e.pdf
  • https://cdn-cms.f-static.net/uploads/4374535/normal_5f8a38b58a7e2.pdf
  • https://uploads.strikinglycdn.com/files/e65c91b3-203d-4714-b063-bcabee9b82cf/rotimebobomevu.pdf
  • https://s3.amazonaws.com/fedufiporara/88165393353.pdf
  • https://s3.amazonaws.com/tujeviwakirawu/types_of_advertising_techniques.pdf
  • https://uploads.strikinglycdn.com/files/48e81676-dd30-48a2-b250-a1ed23134ccc/12303354633.pdf
  • https://uploads.strikinglycdn.com/files/ed3d7245-a6dc-4a6d-be6d-9468eb2c6958/five_nights_at_candys_4_reddit.pdf
  • https://uploads.strikinglycdn.com/files/586535c1-d636-4566-a6d9-fd0075d81879/31676181022.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.