Malicious PDF — malware analysis report

Static analysis result for SHA-256 007634390760db4f…

MALICIOUS

PDF

Size: 77.9 KB
Created: 2021-03-18 07:10:00 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 6adf9c74741fb1bd371e1d303f3ccfe4
SHA-1: 7bceaa311d98a60645a1a46e736d7d814158c1e1
SHA-256: 007634390760db4f8ee5a1a7d04880d0b24c12c266596f531b2c35829d275b72
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains a heuristic firing for a link farm, directing users to external URLs. One of these URLs, 'https://xezojetit.ru/strik?utm_term=the+death+of+elvis+what+really+happened+book', is flagged as suspicious and likely serves as a lure for malicious activity. The ClamAV detection and ML classifier further indicate malicious intent, consistent with phishing or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (5)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://xezojetit.ru/strik?utm_term=the+death+of+elvis+what+really+happened+book
    • https://komomofuxuz.weebly.com/uploads/1/3/4/4/134494735/3280062.pdf
    • https://guzajemifuraruv.weebly.com/uploads/1/3/0/8/130874286/mozogozi.pdf
    • https://luwupedo.weebly.com/uploads/1/3/1/3/131383743/1682626.pdf
    • https://ledajesaler.weebly.com/uploads/1/3/4/0/134041179/kumevugoto.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/b170039c-88e7-46b1-9b8f-057df38d68dd/how_to_install_sony_surround_sound_system.pdf
    • https://uploads.strikinglycdn.com/files/3fc79a63-19da-4a83-a2a4-a8158232464f/59257170906.pdf
    • https://uploads.strikinglycdn.com/files/12bb2db9-cb10-46af-bc56-f63a0da20b10/xilizizudetewozenibi.pdf
    • https://uploads.strikinglycdn.com/files/09d62f6e-456c-4867-aafc-1b441e9319f3/wagotorugivesezumujazapu.pdf
    • https://uploads.strikinglycdn.com/files/69b6b339-2b17-42a0-b27b-f1c628b0ea49/how_to_become_manufacturing_engineer.pdf
    • https://uploads.strikinglycdn.com/files/73679aec-c7c6-483c-b86b-cdc06e5f75f8/how_long_to_cook_a_pork_roast_in_a_rotisserie.pdf
    • https://9f4ad419-87ad-4507-9b23-40b7c7395cc9.filesusr.com/ugd/55478e_47bcab716dc44fc2a4437e71ba65976d.pdf?index=true
    • https://uploads.strikinglycdn.com/files/6313b65c-420a-4339-a83e-c4aae777e3bc/mapiwo.pdf
    • https://uploads.strikinglycdn.com/files/55151a38-bdb5-41c9-a275-effb9a1a8f66/59275484682.pdf
    • https://uploads.strikinglycdn.com/files/047568df-a3ae-4933-9ee1-b8d7aeb3eebc/pocket_surgery_2nd_edition_download.pdf
    • https://s3.amazonaws.com/fonazuzixagizir/dometic_fridge_not_working_on_gas_or_electric.pdf
    • https://uploads.strikinglycdn.com/files/6e8a9109-09ef-43fe-86ca-ede5515e5eca/dudokijabusijal.pdf
    • https://s3.amazonaws.com/wetevali/3667125815.pdf
    • https://a529afa0-707c-494d-9cee-e9df2360aa12.filesusr.com/ugd/a6e48a_43b4865ac0a5417ca9549a10047f428b.pdf?index=true
    • https://uploads.strikinglycdn.com/files/eb14fab4-2168-4566-ae19-14eac75bd2da/papilonadub.pdf
    • https://s3.amazonaws.com/wixamupelinere/wfaa_dallas_reporters.pdf
    • https://uploads.strikinglycdn.com/files/b1e574f8-f4b4-490d-bd31-f0c9b2a691db/how_to_make_a_childs_nose_stop_bleeding.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename / Kind / Source / Size

  • font_00_sfnt_off0000f063.bin
    SHA-256: a0edfbea0c06ae8a4c9afc4694103f253b722f6f588a28504826e4e81be40c12
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xF063
    Size: 5536 bytes
  • font_01_sfnt_off00010346.bin
    SHA-256: bab3d31d3ff414e10dc73d18f41d887188b28ea2006ffbf23416a74076e160ff
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x10346
    Size: 10872 bytes