Malicious PDF — malware analysis report

Static analysis result for SHA-256 0357da82856439db…

MALICIOUS

PDF

Size: 83.9 KB
Created: 2021-03-18 21:42:26 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 5d3c63d681dde851906bebeb8bff9eb4
SHA-1: 7e74de7638747a2f791bd115ba0476bb252bdad6
SHA-256: 0357da82856439db10277a1a4b7527bb363a86382358c3162a4d1187c245a539
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a large number of external links, many of which point to PDF files hosted on various domains, indicating a link farm. The ClamAV detection and ML classifier strongly suggest malicious intent, likely phishing or malware distribution. The presence of embedded URLs and the heuristic 'PDF_SEO_LINK_FARM' confirm the nature of the attack.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (5)

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • https://resalured.ru/123?utm_term=apache+poi+workbook+get+sheet+by+name
    • https://cdn.sqhk.co/wadusazilox/I2jfzRH/33569638313.pdf
    • http://riwalimuj.scienceontheweb.net/87358268013.pdf
    • https://cdn.sqhk.co/vesagivara/rgdNib8/nidipijo.pdf
    • https://cdn.sqhk.co/miwizawi/hDRD3if/jugedanowebemowemalaxaz.pdf
    • https://wozijosetat.weebly.com/uploads/1/3/1/4/131407158/ratotinovanebaz-firawo-winimumagik-podipatuk.pdf
    • https://cdn.sqhk.co/ravuviwidi/9krhbij/basketball_legends_unblocked_66_at_school.pdf
    • https://xixusumer.weebly.com/uploads/1/3/0/8/130814933/9c4f66.pdf
    • https://cdn.sqhk.co/motulobugaji/aabNifm/jasir.pdf
    • http://jologedeb.getenjoyment.net/aisin_automatic_transmission.pdf
    • https://pumowurunumig.weebly.com/uploads/1/3/2/7/132740285/56371cc.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://636e06b3-920c-4898-b827-ef778bbbc101.filesusr.com/ugd/40512e_0a06c61ca5424ab08f32b65fec8836be.pdf?index=true
    • https://0efdb04f-128a-4c0d-ace4-8b312723ebcc.filesusr.com/ugd/5508f4_58ce53e8e0ab49d8aa9b69c7762ccf01.pdf?index=true
    • https://ab737b70-891a-4a1f-8db9-ee548211cb31.filesusr.com/ugd/ce14f3_be29849e8d5e4709bd80a2b3ecd90300.pdf?index=true
    • https://3d5b2cfc-74f5-4c02-8466-0d369b02955c.filesusr.com/ugd/69b86f_ccd2d181db4649b5b6cc93ab5565c31a.pdf?index=true
    • https://s3.amazonaws.com/voropa/dell_p2415q_refresh_rate.pdf
    • https://ba739632-11db-41f7-a023-683a20e55d36.filesusr.com/ugd/99835b_7be9684c46e745429df0a39971282733.pdf?index=true
    • https://71f68c9c-1037-483c-a0ca-f268b7ddd3c8.filesusr.com/ugd/87fdc7_396352033d22485d92aed15dda87c58d.pdf?index=true
    • https://0df22b04-17ae-4e65-9af8-3af4445b4601.filesusr.com/ugd/71fd01_c7f6daac0de34886bb7a2d4a449bc33a.pdf?index=true
    • https://75ca6b5e-a470-4e0e-8004-b00a9f1721b4.filesusr.com/ugd/1e4819_1e1eea29656c412181973d8c94e27aaf.pdf?index=true
    • http://xijewixevav.onlinewebshop.net/contexto_social.pdf
    • https://s3.amazonaws.com/zuwosil/euphoria_piano_sheet_hard.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000104e4.bin
  SHA-256: 33c47e5b1e604f2e99ffdde6625303f4d9a537ff9d710f3cd9ccbbe540798a7e
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x104E4
  Size: 5704 bytes

Filename: font_01_sfnt_off00011839.bin
  SHA-256: de7c9bdecc07418fbaf79c6bd803faa10ffaed2b077258dbd2901a2280527247
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x11839
  Size: 12720 bytes