Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://xajibur.ru/wix?keyword=dyson+ball+animal+instruction+manual PDF link annotation

  • http://pazolozul.mypressonline.com/anatomy_and_physiology_digestive_system_notes.pdfIn PDF document text
  • http://wide-take.top/kodesubofiwil788v.pdfIn PDF document text
  • http://xegazinijitup.mywebcommunity.org/the_hound_of_the_baskervilles_chapter_1-8_summary.pdfIn PDF document text
  • http://ladekepevij.mygamesonline.org/19293325998.pdfIn PDF document text
  • http://fawikenaxalu.scienceontheweb.net/software_project_management_plan_spmp.pdfIn PDF document text
  • http://vovpomnim.ru/balanza_comercial_de_mexicowl7ob.pdfIn PDF document text
  • http://workmonster.net/big_nate_download_freeitdma.pdfIn PDF document text
  • http://universe1.space/why_is_my_gas_oven_not_workingjqyih.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://6c8027e1-9878-41b3-a9ef-32ba2b6bcd02.filesusr.com/ugd/185811_72cd71b9f74b4cc38df49a81d837ed27.pdf?index=trueIn PDF document text
  • https://1423d76f-a56f-4481-bf87-726e17039346.filesusr.com/ugd/14aee2_8f43f73ec27943aeb0a443676c44f9b2.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/8553275a-9436-4d68-952e-6e92bf21356d/cuantos_son_los_libros_de_la_biblia_catolica.pdfIn PDF document text
  • https://d21da297-2d1c-4020-882f-059d99c29dc9.filesusr.com/ugd/3724a2_fd7f720e9d2641399f84f4c7f2357155.pdf?index=trueIn PDF document text
  • http://xovolefewawex.atwebpages.com/rerovukunavorujapejozo.pdfIn PDF document text
  • https://8c56b32b-3398-45d6-9c0b-b55146621f16.filesusr.com/ugd/6924eb_bf186c94fb4742c1a7007dd5ef737627.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/23519f42-7464-4ae5-b02b-0a5bb1307e80/what_are_the_7_domains_of_ppst.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d912d4be-5f9e-487b-b256-6c137cc621fe/72600537307.pdfIn PDF document text
  • https://46a1ac71-481d-4a85-b709-d40f3a189542.filesusr.com/ugd/143c98_450d6985744944f0901a13cb0531ee88.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/80dbaaa3-e5f0-480c-b1e1-24c82b090b24/76495011285.pdfIn PDF document text
  • https://089130c0-62ae-4bf1-a93c-656440fe8451.filesusr.com/ugd/738632_44817310ead34106b04b007942c573f9.pdf?index=trueIn PDF document text
  • https://368051e9-4199-40ea-b9a2-dc6e6f83cb3b.filesusr.com/ugd/6260fe_8cf23b5d53624b3b90664c364f0ca1c2.pdf?index=trueIn PDF document text
  • https://5b0e1d79-1acc-45ba-a965-31015372eee8.filesusr.com/ugd/67f5f7_faaf993acf6f49f5ad09877ba7ab3073.pdf?index=trueIn PDF document text
  • https://9e705916-5bde-4eb8-be9b-8b3e910fbaf8.filesusr.com/ugd/c7a620_29c1ad70700a4a8dbfbee26a85435349.pdf?index=trueIn PDF document text
  • https://c36efdde-2309-4ce2-a10d-b6df2ce12cd8.filesusr.com/ugd/e98059_6999af05ab0a4999bce9caeed6e299a2.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/f8dcb799-9f6d-499b-82e9-22c7b7f7b11f/paslode_f350s_wont_fire.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/17457fba-87d3-4fcd-a982-ed6ded172848/fesinapedesusesexopo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/8caa4f37-df42-4e95-b7dd-ae284257776e/bawewawos.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.