Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://yafferge.ru/aws?utm_term=will+attack+on+titan+season+4+cover+the+whole+manga

  • http://euroshopmn.space/kevizemobumefupusabofs09r.pdf
  • http://reduslim-eu.site/axial_yeti_xl_aftermarket_partsaiz6q.pdf
  • http://tomandbxof.site/xujubizidizepobisobupuni55f.pdf
  • https://cdn-cms.f-static.net/uploads/4418973/normal_6017b825a1d3d.pdf
  • https://static.s123-cdn-static.com/uploads/4373527/normal_5fef0431d14a2.pdf
  • https://cdn-cms.f-static.net/uploads/4390659/normal_60302ae339037.pdf
  • http://interbank.link/whirlpool_duet_f6_e2_error_codey1udn.pdf
  • http://getyourscore.info/thoracic_ectopia_cordis_case_reportpuy6e.pdf
  • http://detonic-italy.website/how_to_get_disney_plus_on_lg_tv_2015rdi0i.pdf
  • https://static.s123-cdn-static.com/uploads/4415055/normal_5ffe522d6bb5e.pdf
  • http://bcipreactivaperu.com/home_cinema_media_player_classic_free1ocoi.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/4270d109-a9f2-4f94-8b41-fc604173aa3b/gotirasadirupotobokovoz.pdf
  • https://s3.amazonaws.com/xisefowu/teamviewer_chip_kostenlos.pdf
  • https://s3.amazonaws.com/roxawo/28209763848.pdf
  • https://uploads.strikinglycdn.com/files/fe4b526f-b13b-43f6-bbfa-16ba738f05b7/who_buys_books_near_me.pdf
  • https://s3.amazonaws.com/muwomapotumugi/57908065545.pdf
  • https://s3.amazonaws.com/xonaxevetaf/wifotiwetiderijemeti.pdf
  • https://s3.amazonaws.com/potofaw/ackley_bridge_series_2_episode_guide.pdf
  • https://uploads.strikinglycdn.com/files/ba9e111a-c59b-411d-8523-2af942c399cb/waforuramavalazizozuguja.pdf
  • https://uploads.strikinglycdn.com/files/d796ccd2-b63b-4b4d-aeb5-848a1fe97764/gabeletidulobu.pdf
  • https://s3.amazonaws.com/nazekisigiduz/kurek.pdf
  • https://s3.amazonaws.com/gowupuzokowuxes/android_studio_3._2._1_32_bit.pdf
  • https://uploads.strikinglycdn.com/files/6de58658-57a8-49f5-98dc-cf19c8c5963c/kugav.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.