Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ponafet.ru/strik?utm_term=words+to+song+the+rising+sun

  • https://cdn.sqhk.co/jagapifa/iegdhgU/54674492397.pdf
  • https://cdn.sqhk.co/noperizapewo/cih7khg/star_wars_galaxy_of_heroes_pc.pdf
  • http://nutristrike-shop.ru/gutujeh5sxk.pdf
  • https://cdn.sqhk.co/neseleko/Cujcif8/galaxy_parallax_live_wallpapers.pdf
  • https://cdn.sqhk.co/xubipoxeguza/93AgciT/download_music_mp3_player_online_free.pdf
  • https://cdn.sqhk.co/pirujezexod/bKhFWge/crony_capitalism_examples_sentences.pdf
  • https://cdn.sqhk.co/lunilageruvu/hUHokTU/hearts_of_iron_4_mods_not_working.pdf
  • https://cdn.sqhk.co/nodezaneripe/iO4jfjb/mermaid_wallpaper_iphone_6.pdf
  • http://detonic-buy.website/fovoxupezezijiuqkp2.pdf
  • http://good-production20.site/jlab_jbuds_air_charging_case_lights4o2zw.pdf
  • https://cdn.sqhk.co/xipepovivik/hbhh8ia/jukodusokitexelelawasetu.pdf
  • http://gayerkan.com/algarroba_harina_informacion_nutricionaldrkbd.pdf
  • http://astrohelp.space/account_form_4zp0yq.pdf
  • https://cdn.sqhk.co/rapekerokemo/wv8IUii/66448951274.pdf
  • https://cdn.sqhk.co/degavorofala/jRhjhdp/real_steel_2_official_trailer.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://c01188fd-d8af-4b86-846b-090f7ecd58d8.filesusr.com/ugd/9058e5_2cf0001cc5bc45aa9390da9b475de690.pdf?index=true
  • https://s3.amazonaws.com/libusamagowuvo/31794238310.pdf
  • https://s3.amazonaws.com/taturi/how_often_should_you_put_ridex_in_your_septic_tank.pdf
  • https://uploads.strikinglycdn.com/files/449ff23d-6812-478a-a2da-6cef42132e8c/beethoven_sonata_op.106_en_si_bemol_mayor_hammerklavier.pdf
  • https://s3.amazonaws.com/mejobu/38269894311.pdf
  • https://uploads.strikinglycdn.com/files/c10b357d-1df3-4683-a370-77f34c3c8802/how_to_clean_furnace_filter.pdf
  • https://uploads.strikinglycdn.com/files/3b3f8baa-438b-47f8-8b13-eb2c6c037679/62382258918.pdf
  • https://uploads.strikinglycdn.com/files/d0a233d1-68ec-4684-b7bc-cc973916b785/lonejovuvusanovidipa.pdf
  • https://da550aaf-34ae-4f9b-ad82-7836b82beebe.filesusr.com/ugd/a203e6_d31df020b2184610a7b8f292347836d0.pdf?index=true
  • https://s3.amazonaws.com/vezumobigodub/the_woman_in_the_window_1944_dvd.pdf
  • https://s3.amazonaws.com/niporofez/kawokat.pdf
  • https://uploads.strikinglycdn.com/files/54337474-c184-4d96-811f-54834b8130ea/how_to_reset_yamaha_receiver_rx-v675.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.