Malicious PDF — malware analysis report

Static analysis result for SHA-256 02a0b6a234548d50…

Verdict: MALICIOUS
File type: PDF
Size: 72.6 KB
Created: 2021-05-30 04:13:42 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 484b557190f1f0686573f78ae6727426
SHA-1: 7d150c7492212e33049a6c27037ba63de3f4a1bc
SHA-256: 02a0b6a234548d504926031c7bdbdb61d101fcd6e50fceef1f4ce3ad7ced25b8
Risk Score: 156

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains numerous external links, a common tactic for link farms and phishing lures. The primary URL, 'https://botokaw.ru/strik?utm_term=what+is+the+psychoanalytic+theory+in+psychology', is presented as a search result, attempting to trick users into visiting a malicious site. ClamAV and ML classifiers also flagged this PDF as malicious, specifically as a phishing trojan.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (5)

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://botokaw.ru/strik?utm_term=what+is+the+psychoanalytic+theory+in+psychology
    • https://cdn-cms.f-static.net/uploads/4496378/normal_606802479043f.pdf
    • https://cdn-cms.f-static.net/uploads/4501995/normal_602644f4d9e3f.pdf
    • https://static.s123-cdn-static.com/uploads/4417319/normal_5fe5fba66736a.pdf
    • https://tedowinoni.weebly.com/uploads/1/3/5/3/135304389/227cef4a3.pdf
    • https://static.s123-cdn-static.com/uploads/4421764/normal_5fef351ec366d.pdf
    • https://jibuzuku.weebly.com/uploads/1/3/0/7/130739289/jabusanubej.pdf
    • https://vufumepuzatine.weebly.com/uploads/1/3/5/3/135335191/wudexisiwulidod_bolujipu_lisebos_gufosuboweb.pdf
    • https://cdn-cms.f-static.net/uploads/4378845/normal_60551758a917e.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/b4b47990-45e3-4527-ad4c-ad63059508df/scary_stories_to_tell_in_the_dark_audiobook_download.pdf
    • https://uploads.strikinglycdn.com/files/f5f67e95-896b-45a5-a25d-ec9d25468670/suwofarusu.pdf
    • https://uploads.strikinglycdn.com/files/5e0dc9c6-fb13-49c3-9bb3-4627dbffceae/how_do_i_connect_my_epson_nx230_printer_to_wifi.pdf
    • https://uploads.strikinglycdn.com/files/e551055b-efb4-43fa-bf5a-5911cb1d37b4/software_developer_jobs_london_ontario.pdf
    • https://uploads.strikinglycdn.com/files/d6b23bf6-2e49-4693-85f4-9cff9ccd524f/fluke_175_price_in_india.pdf
    • https://uploads.strikinglycdn.com/files/cd76e001-1b74-4356-b1ff-305176b0709a/4_types_of_organizational_structure_in_healthcare.pdf
    • https://uploads.strikinglycdn.com/files/a843b4e8-6d67-414a-8503-85f1b695c2be/29521241363.pdf
    • https://uploads.strikinglycdn.com/files/536795bf-4e7f-44d7-a38d-27c3904ab02a/lizopiruwo.pdf
    • https://uploads.strikinglycdn.com/files/26fee795-ea31-4127-bb30-145080343150/94132436312.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Columns: Filename, SHA-256, Kind, Source, Size

  • font_00_sfnt_off0000df1a.bin
    SHA-256: 8b19d33d85fdd139d63d1518ee4cd6cdca82ace1f3f9135823e3c8954a7a65d4
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xDF1A
    Size: 5308 bytes
  • font_01_sfnt_off0000f13c.bin
    SHA-256: 603ca43e4fcc9e5b7394cc714fe3be7afa03b99169ff9116aed4c82826d490fb
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xF13C
    Size: 10592 bytes