Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• ClickFix social engineering attack high SE_CLICKFIX
  Document instructs the user to press Win+R or paste a command into a terminal — consistent with ClickFix attacks that bypass macro restrictions by tricking users into running malicious commands directly
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://cctraff.ru/123?utm_term=system+event+notification+service+disable In PDF document text

  • https://cdn-cms.f-static.net/uploads/4370068/normal_5fe736c144846.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/d7bfaf6c-3ae2-4f5a-b6ea-d7c60e7103b3/3428378184.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/48394017-ed53-4996-bf16-0b9f618eb5ca/tatajejirobakoxujupa.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4ddcba31-d55a-46e1-93d0-5fe23d7851e5/youtube_video_downloader_chrome.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d5c7440f-d9e4-42ca-9f81-0725deb37df5/rush_hour_traffic_jam_game_argos.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/02da0ddb-daf5-4a0e-b325-b8ebea3d604b/sijetik.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a716fdf9-790b-4233-b478-cfa844548c32/nidawirinabakogalex.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b8b80d42-943a-4560-9247-2658a92967e6/2002_ford_expedition_service_manual.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/3516b4d0-80d7-411a-8bf6-27d02cf82d47/ldoe_bunker_alfa_code_today_january_19_2020.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/8da68c23-63b2-41c2-aef0-2fe559a6df7a/gamobawuzaw.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b7150ae4-8ae4-4f8d-8234-0392af983b54/how_to_draw_a_scroll_rolled_up.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a703090b-b255-4b90-89fb-e81d90bf6c3f/24938938185.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5b33323f-38b1-48f4-9564-2cc1981b88ba/space_shuttle_challenger_risk_management.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2ec794c5-0efd-4580-aac2-95739b5a66cc/rarezevefumovarelur.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.