Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://gettraff.ru/123?utm_term=republic+of+molossia+reddit

  • https://jumolemema.weebly.com/uploads/1/3/4/8/134853288/sikinur.pdf
  • https://fodorofofojep.weebly.com/uploads/1/3/4/7/134769626/lopaxe_kalutevaxunaxa.pdf
  • https://cdn-cms.f-static.net/uploads/4366045/normal_5f8a0e70a0df4.pdf
  • https://cdn-cms.f-static.net/uploads/4366319/normal_5f87af607f1cb.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/50fd8ce5-990d-4a94-ac77-52a6fea58fd1/49857057780.pdf
  • https://uploads.strikinglycdn.com/files/fd09ae9e-18ad-4708-820b-fd6035764ff1/49533007693.pdf
  • https://uploads.strikinglycdn.com/files/82525608-8866-42ea-a5d5-71c98e34f02a/hard_times_by_charles_dickens.pdf
  • https://uploads.strikinglycdn.com/files/3665724c-89df-49e9-b84e-af3cbafd4695/defotum.pdf
  • https://uploads.strikinglycdn.com/files/f04c449c-6672-46a5-bd3f-8b7f6f825252/24000404032.pdf
  • https://uploads.strikinglycdn.com/files/b485db4a-d2a2-461d-89a9-9568fe601dcf/nw-31201-7_ps4_fix_2018.pdf
  • https://uploads.strikinglycdn.com/files/03cec4ea-ff3a-4ea5-8f3c-9e9ff5fecb5a/me_myself_and_irene_download_movie.pdf
  • https://uploads.strikinglycdn.com/files/0da84e15-97e9-40dc-9859-fb5aae474be4/70491688371.pdf
  • https://s3.amazonaws.com/xufaxoferugod/26631907917.pdf
  • https://s3.amazonaws.com/vasagesorajirem/73088846164.pdf
  • https://uploads.strikinglycdn.com/files/388a692e-7530-4a0b-8ab2-4b471decefb0/long_horse_vs_siren_head.pdf
  • https://uploads.strikinglycdn.com/files/b1a63f07-72fd-4e07-820f-5e611763be1c/cartoon_network_summer_resort.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.