Malicious PDF — malware analysis report

Static analysis result for SHA-256 023ecd1eb8ed4295…

MALICIOUS

PDF

Size: 81.1 KB
Created: 2021-03-15 07:34:17 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0e06b0308788ef783d366478e3d6a058
SHA-1: b492d8e70809a7a169dcea4903ac129dbdac7ec5
SHA-256: 023ecd1eb8ed4295521f7c8bf99cf6e405a52e0c003ea2a74d4039d8eef408af
Risk Score: 98

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (5)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete (info, CLAMAV_SCAN_INCOMPLETE)
    ClamAV scan on this file did not complete (ClamAV error (exit 2)); the verdict reflects only static heuristics. The result is not cached so a later submission will retry the scan.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • https://druttle.ru/award?keyword=growing+up+with+a+bucket+full+of+happiness+pdf
    • https://namosozevo.weebly.com/uploads/1/3/0/9/130969937/jisomumemagerejenev.pdf
    • http://jedomagisuw.getenjoyment.net/acurite_wireless_indoor_outdoor_thermometer_manual.pdf
    • http://kavakedego.scienceontheweb.net/bastard_out_of_carolina.pdf
    • http://fipizilemuwob.medianewsonline.com/82099662059.pdf
    • https://mafenipo.weebly.com/uploads/1/3/4/8/134879688/gotamuna.pdf
    • http://sasawavivar.mygamesonline.org/5534898810.pdf
    • https://jojipizi.weebly.com/uploads/1/3/1/6/131606457/3b7f30212.pdf
    • http://zekifafeter.scienceontheweb.net/nogerafutetetitiwejedobij.pdf
    • https://zefinefan.weebly.com/uploads/1/3/2/8/132816158/8e716ba.pdf
    • https://s3.amazonaws.com/lomuper/39897268490.pdf
    • https://s3.amazonaws.com/rumezo/selenium_tutorial_java_intellij.pdf
    • http://solugivewatewa.myartsonline.com/antigeno_duffy.pdf
    • https://uploads.strikinglycdn.com/files/d5f0f621-4dc2-4cab-b6d9-5e1342fde103/pivopawaz.pdf
    • https://s3.amazonaws.com/pubopelej/do_samsung_tablets_use_windows.pdf
    • http://jeborawaleko.atwebpages.com/gate_electrical_engineering_books_download.pdf
    • https://s3.amazonaws.com/fenatagazise/zikitet.pdf
    • https://uploads.strikinglycdn.com/files/ce849c95-e282-418f-9363-088f81f78c7a/howard_miller_desk_clock.pdf
    • https://uploads.strikinglycdn.com/files/0bdaa055-a6ca-4df8-9e03-2022dfd62631/rebewuloninavakojirunuve.pdf
    • https://uploads.strikinglycdn.com/files/cc1d1964-2652-404b-a170-0507307aa35d/do_you_have_to_reset_furnace_after_changing_filter.pdf
    • https://uploads.strikinglycdn.com/files/8f52e7e9-4262-477f-b8e2-a14f7b4bc598/best_app_to_learn_french_vocabulary.pdf
    • https://uploads.strikinglycdn.com/files/83e8f572-d621-42d6-8482-430bafec05f1/80325678134.pdf
    • https://s3.amazonaws.com/neporezofov/bs_formal_science_uh.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/