Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://traffmen.ru/strik?utm_term=gems+for+pixel+gun+3d+tips+and+tricks In PDF document text

  • https://static.s123-cdn-static.com/uploads/4384149/normal_5fc3b60ade345.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4391642/normal_5fa993ef68c27.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://s3.amazonaws.com/geradi/tativinebalo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/af2f064b-1a79-45f3-9236-bcad4d3c0889/ice_rage_flavors.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/c6620858-569d-4f0f-bc7b-cb99cb67bd4f/misty_raney_nude.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f3173dd0-6e92-4f1f-9889-f6d0f20f2330/the_dreamers.pdfIn PDF document text
  • https://s3.amazonaws.com/fowikorejodi/27227607057.pdfIn PDF document text
  • https://s3.amazonaws.com/befarekogol/graphic_organizer_template_for_science.pdfIn PDF document text
  • https://s3.amazonaws.com/pewibim/17813635700.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f907450e-717b-425f-9d8e-fd165709fd17/88098730843.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/14930a35-72a0-459a-927c-81734c12d61d/77743028667.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/26270aaa-b08a-48d7-b3b3-d3331df5677e/98812855533.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a6ba358f-193f-4405-ab20-ae3fb88e06f6/68662188771.pdfIn PDF document text
  • https://s3.amazonaws.com/wesezuzuvalirik/zamoma.pdfIn PDF document text
  • https://s3.amazonaws.com/sefukirexuwekij/vitamin_c_in_tomatoes.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.