Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jacksth.ru/strik?utm_term=is+fenrir+a+god PDF link annotation

  • https://tolajugim.weebly.com/uploads/1/3/4/6/134647220/japeruxufojo.pdfIn PDF document text
  • https://lusimijibujadex.weebly.com/uploads/1/3/4/6/134677052/mowuzobisim_lajixuwumifo_jipanufavujobib_kimekugidapuve.pdfIn PDF document text
  • https://serataxufo.weebly.com/uploads/1/3/1/6/131606193/japasopodamapab.pdfIn PDF document text
  • https://bevufifebuseve.weebly.com/uploads/1/3/1/8/131855995/surejijikusubarem.pdfIn PDF document text
  • https://pitalozel.weebly.com/uploads/1/3/1/3/131384414/rubipufivijukigeti.pdfIn PDF document text
  • https://pasugewu.weebly.com/uploads/1/3/1/0/131071180/324263.pdfIn PDF document text
  • https://lujiwosibe.weebly.com/uploads/1/3/4/0/134040634/a9426453ffa3d0d.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://69cf8a46-0d3d-4b71-8fd1-93df925da18e.filesusr.com/ugd/e4064d_af292211067441f58ee8213f566744f5.pdf?index=trueIn PDF document text
  • https://e91fd7fe-782b-4baf-9007-7310148b3dec.filesusr.com/ugd/3254bf_05627c473d0b441390f490d2be46c895.pdf?index=trueIn PDF document text
  • https://562c2315-396f-49d1-9e45-1236e049cb13.filesusr.com/ugd/ec0012_604c707d8cc34c4db1e5739689ef776b.pdf?index=trueIn PDF document text
  • https://30372bae-fb3d-4285-bee0-d91e70c22047.filesusr.com/ugd/835091_c30cc8ed88a04104828d84d083ab51c0.pdf?index=trueIn PDF document text
  • https://4993f9ff-345c-4c03-a8ec-d4f8dac664d6.filesusr.com/ugd/debbe1_ae70d449d734475cbe25166d6d26e57b.pdf?index=trueIn PDF document text
  • https://e9593579-f51f-4dc6-af55-2543ab512b45.filesusr.com/ugd/37952c_0e9876c9ec4146cd913ce84960e2e973.pdf?index=trueIn PDF document text
  • https://d78d2789-9aef-4bfd-88be-9093bec910ef.filesusr.com/ugd/87a178_8e38691ce7564c24bb4fe7f3d44b515a.pdf?index=trueIn PDF document text
  • https://786c536d-253b-4a15-94df-129c4693a223.filesusr.com/ugd/1fc311_94ac476b03be4fe684c6d1bed1de48d6.pdf?index=trueIn PDF document text
  • https://c4e42e93-254c-4ba8-b495-737f84002742.filesusr.com/ugd/ddb60a_4ebaf76644454cd5a3a0894c62b9752f.pdf?index=trueIn PDF document text
  • https://27158da8-170d-48ca-a528-b8ced62fe517.filesusr.com/ugd/9fc8c3_db286f6371a541c38f4b1703a12c183a.pdf?index=trueIn PDF document text
  • https://8137cd1e-393d-4948-8193-eca935452849.filesusr.com/ugd/756799_d1672bbebb164658b7deceb703134922.pdf?index=trueIn PDF document text
  • https://ec8c99fd-5413-4e38-b6a0-2ccbba71fc6f.filesusr.com/ugd/de02f3_0cb5860a98114fb987f8e2fd05c8b822.pdf?index=trueIn PDF document text
  • https://d0bf7e8b-5449-41c0-93e9-161603c0719f.filesusr.com/ugd/197ed4_3604bb6977584ca78280453d3a59591e.pdf?index=trueIn PDF document text
  • https://459ec6dd-5b69-4322-a182-74abbfaa0e48.filesusr.com/ugd/221eaa_7a1b6df6d02c4bac8b7d4accdbda46e8.pdf?index=trueIn PDF document text
  • https://569e8712-2873-4b93-a654-ea71b6b809e3.filesusr.com/ugd/345929_86253d54866749729cac86af6d259486.pdf?index=trueIn PDF document text
  • https://528f6e5c-6927-42ef-b7a5-a8f9c349750c.filesusr.com/ugd/07b979_04ae3e1a021a43bd8faedd864ac93869.pdf?index=trueIn PDF document text
  • https://e31b828f-dd5d-4b35-abba-5777d5fc2ed6.filesusr.com/ugd/56a8cc_843aa118a1d546e5865a9088249f60d7.pdf?index=trueIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text
  • http://dejavu.sourceforge.netIn PDF document text
  • http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.