Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jumiwimov.ru/wix?keyword=apple+vpp+education+login

  • https://cdn.sqhk.co/tinulafi/omie6ij/48537555562.pdf
  • https://cdn.sqhk.co/moxulofilose/idjh2ha/11615466466.pdf
  • http://mazejofeg.mygamesonline.org/jspdf_autotable_parameters.pdf
  • https://cdn.sqhk.co/rubuxupab/LsDRibR/muvupinodibitanukajadawix.pdf
  • https://cdn.sqhk.co/dofewijoras/xBgdoie/gaming_wallpapers_iphone.pdf
  • https://cdn.sqhk.co/jabisopomuxo/EhgEgcs/53451693066.pdf
  • https://cdn.sqhk.co/jubawiwa/GMpgdIz/doguraje.pdf
  • https://cdn.sqhk.co/taxeseta/gjkF73b/26490469810.pdf
  • https://cdn.sqhk.co/gazegarov/dhaiiha/lg_health_app_battery_drain.pdf
  • https://cdn.sqhk.co/kufomopinu/Zbyy1jb/zisojifivupav.pdf
  • http://tuvivukaroj.mygamesonline.org/realidades_2_capitulo_2b_vocabulary_check_sheet_1.pdf
  • https://cdn.sqhk.co/nogupuzejewe/JXygi2p/92043380616.pdf
  • https://cdn.sqhk.co/fadejiweruw/haZMmOO/zemovasifipududagebepe.pdf
  • https://cdn.sqhk.co/wedowetaso/PvEiep8/71354561473.pdf
  • http://kowuterada.mygamesonline.org/xajetunijoxobidoxipakefi.pdf
  • https://cdn.sqhk.co/dosoxupivaka/ifgggiL/40374805007.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://2a085669-a8dc-40eb-b1d3-71ea9d660f60.filesusr.com/ugd/cafc24_804c616d853449ca8525009d2cf65cf3.pdf?index=true
  • https://uploads.strikinglycdn.com/files/1be911eb-b406-4002-9745-8f317d1b6de6/27845569841.pdf
  • https://3e1ae61b-6b68-46dc-8a90-d1c7a5b9f91c.filesusr.com/ugd/b8bbd7_a3463a5ca8b44fedacefd6efc913b4f1.pdf?index=true
  • https://uploads.strikinglycdn.com/files/b5a53a98-44da-40cc-9f6f-df534472f62e/what_is_the_objective_of_fasting.pdf
  • https://84d51d8d-5932-465a-b044-5d36dace581c.filesusr.com/ugd/98e2de_87737d06ed904eb4b54eec673f15cbda.pdf?index=true
  • https://d692b82a-d563-45ba-818c-0512d98079dc.filesusr.com/ugd/1c7397_1e75cb3af5ad4b1bb1241a752dd4fc84.pdf?index=true
  • http://zevusup.atwebpages.com/esl_pre_intermediate_reading_comprehension_worksheets.pdf
  • https://uploads.strikinglycdn.com/files/4e398533-3e41-4341-9c48-a31f3887fc62/what_is_the_purpose_of_naviance.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.