Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://yafferge.ru/123?utm_term=animated+video+maker+free+software In PDF document text

  • https://cdn-cms.f-static.net/uploads/4393751/normal_601cce0cdca75.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4366335/normal_600f8efc5ffa0.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4453900/normal_5fe0e9df58810.pdfIn PDF document text
  • https://besunuvoduzusub.weebly.com/uploads/1/3/4/2/134266379/kopepixetu.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4383577/normal_600de51d68745.pdfIn PDF document text
  • https://folowobudeguw.weebly.com/uploads/1/3/6/0/136051819/9d70ad3275d.pdfIn PDF document text
  • https://pelifofenap.weebly.com/uploads/1/3/3/9/133997555/4731419.pdfIn PDF document text
  • https://jofogeva.weebly.com/uploads/1/3/4/5/134505403/lunuberetirivu.pdfIn PDF document text
  • https://raxaregos.weebly.com/uploads/1/3/4/3/134363135/nadolasina.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/d34f0bd4-4f66-4213-873c-491effbd7c0f/14466058747.pdfIn PDF document text
  • http://nigezid.pbworks.com/f/engcon_ec219_for_sale.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/6e32f92a-8574-4c85-9878-a61a2c0f954e/2007_jeep_grand_cherokee_srt8_led_headlights.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/6990aba0-83b4-4251-85ef-d967ad6484a8/exercicios_com_adjunto_adverbial_7_ano_com_gabarito.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/7b01f54c-dd59-42b4-acc4-843521c91b2f/how_many_sessions_is_premarital_counseling.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e5ed1a7b-42c1-48c4-8ebd-6bc42f22345d/iobit_uninstaller_para_android.pdfIn PDF document text
  • http://nusuwoxub.pbworks.com/w/file/fetch/144426825/slow_performance_after_windows_10_update.pdfIn PDF document text
  • http://wiwedano.pbworks.com/f/ganozofafonenow.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/49530fc9-9ba9-4323-a200-079aebd01e0d/rawirisuvu.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d51bc37d-ed3b-4096-9f2e-f554750601f9/maroo_of_the_winter_caves_full_book.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2c1c394a-92ff-44c8-b8de-44fe11702a9a/iso_31000_principles_and_guidelines_for_risk_management.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1e494058-6c01-4475-bdfc-20ea9f0840f1/is_turtle_bay_resort_in_hawaii_all_inclusive.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1a8ef1da-2c80-42ed-846b-1b73b5ebe4f2/modelo_de_planilla_de_inventario_en_excel.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/03495089-67fe-4522-b88c-e842ad51d574/bedobuviduvonuta.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/0e69caa8-a6a7-4fa6-b44f-0c112edcdc84/install_motioninjoy_driver_fail_error_code_0x-1ffffdb9_windows_10.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.