Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://traffmen.ru/123?utm_term=cho+pat+strap+elbow In PDF document text

  • https://cdn-cms.f-static.net/uploads/4403680/normal_5fa221b133da3.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4421641/normal_5f98407cb7b6a.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4413242/normal_5fa18292ac872.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4369903/normal_5f8808cf49a60.pdfIn PDF document text
  • https://wufikasokuwomoz.weebly.com/uploads/1/3/4/3/134359410/foxefakavovapi-sakabewi.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4386836/normal_5f92994cc9fae.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4367627/normal_5f89739b3700f.pdfIn PDF document text
  • https://batatifenosi.weebly.com/uploads/1/3/4/5/134513642/morebu.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/d11ea303-99b3-4877-bb9f-5de0ea698e9e/namowofutojijekena.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d6866270-0d89-4d98-be6e-02b4dd37bb14/golds_gym_stride_trainer_300_specs.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e36c7a38-89f7-4e17-8eda-aa4544488640/viwemituf.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/0c6fcab6-c325-4436-b5bb-91303aa1b6ea/yatming_price_guide.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d8f8da56-9c6d-4a69-afcb-d72968c00187/second_part_of_declaration_of_independence.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/3974f079-3cb0-4dc6-a383-414900811fae/85284838537.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/285178eb-934f-410b-b4f1-916e38299975/ufc_237_live_stream_reddit_free.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.