Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://traffnew.ru/strik?utm_term=ocean+survival+3d+raft+escape+mod+apk PDF link annotation

  • https://lodoxaravejow.weebly.com/uploads/1/3/4/7/134719504/razina_guzupakubuvo_mekolimu.pdfIn PDF document text
  • https://kokexofagisukop.weebly.com/uploads/1/3/2/7/132710589/0c1c64de.pdfIn PDF document text
  • https://fijapirugonobi.weebly.com/uploads/1/3/4/3/134315317/retutukesejurabo.pdfIn PDF document text
  • https://rusopuse.weebly.com/uploads/1/3/4/4/134498446/832133cc.pdfIn PDF document text
  • https://pesadoxemanuz.weebly.com/uploads/1/3/4/8/134852899/xekusi.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://s3.amazonaws.com/varolexexus/zoretufi.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc6f01bd8c365012834ab76/t/5fd643eb9264095525cf71af/1607877612356/2916568103.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/25678a23-4b30-4500-9013-f96fad9a5c39/33997233555.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/da147f94-e056-4d5d-95da-34747816efc0/laxegobefunopef.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a5e656d3-9d2b-4d3b-9678-6c7e18c8f4fa/cuballama_proxima_doble_recarga.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/07d29dd5-23a3-4534-a18c-4f1cee99a490/architectural_research_methods.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fdd3a932dcd53187f1eaf8b/t/5fdd62fcef735726d24413d8/1608344316752/ardex_na_data_sheet.pdfIn PDF document text
  • https://s3.amazonaws.com/dikobepibelun/65126087580.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fc5904aff13940aa25f39a7/t/5fcdf87124c49707d34398a0/1607334002292/cute_halloween_costumes_for_best_friends.pdfIn PDF document text
  • https://static1.squarespace.com/static/5fdfdbf19d00c472c28c2758/t/5fe0c326823f621b40c4dd3c/1608565544527/american_psycho_movie_tamil_dubbed.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.