Malicious PDF — malware analysis report

Static analysis result for SHA-256 0942987607815528…

Verdict: MALICIOUS
File type: PDF
Size: 82.6 KB
Created: 2021-04-25 04:46:17 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 280a7f055a7782874d770f67b746cee6
SHA-1: ec762b6b3cfb54fd6dc49060166d84dc30580608
SHA-256: 09429876078155281782811d9405f6772e4110462331c24fb19e00704b103c7d
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a large number of external links, a pattern characteristic of SEO link-farm PDFs that exist to manipulate search-engine rankings or to funnel readers into malicious content. The authoring application recorded in the metadata, wkhtmltopdf (an HTML-to-PDF converter), is consistent with a machine-generated carrier document rather than an authored one. One of the extracted URLs, https://pelibifir.ru/strik?utm_term=dominos+cheese+burst+pizza+nutrition, is flagged as suspicious and likely leads to a phishing or malware-distribution page. The ML classifier score and the ClamAV signature match both point to malicious intent. None of the heuristics below report a JavaScript object, so the T1059.007 mapping is not backed by a JavaScript detection in the results listed here.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9990

Heuristics (5)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains a mass external PDF link farm
    A small PDF carries many clickable external links to other PDFs, mostly clustered on one host. That matches machine-generated SEO/link-farm PDF carriers used to route readers into malicious or unwanted-software delivery chains, not the citation pattern of a normal document.
  • CLAMAV_DETECTION (critical): ClamAV signature match
    ClamAV detected this file as Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
  • PDF_URI (info): External URI action
    The PDF contains at least one external URL action (/S /URI), i.e. a clickable link whose target lies outside the document.
  • PDF_DUPLICATE_OBJ_BODY_INCREMENTAL (info): Object number defined twice with different bodies
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will therefore resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are also common in benign incremental updates, so severity is raised only when the duplicate carries active content; here it is reported at info.
  • EMBEDDED_URL (info): Embedded URLs
    One or more URLs were extracted from the document. A URL by itself is not a detection; the per-URL channel labels (macro, JS, link annotation, document body, ...) record how each one is reached and are not reproduced in this extract.
    Flagged URL: https://pelibifir.ru/strik?utm_term=dominos+cheese+burst+pizza+nutrition
    Other extracted URLs:
    • https://cdn.sqhk.co/guzufaseba/GFggTif/enerpac_parts_perth.pdf
    • https://zadobezaja.weebly.com/uploads/1/3/0/7/130775221/b93a0.pdf
    • https://xakowuval.weebly.com/uploads/1/3/5/3/135316831/8932363.pdf
    • https://cdn.sqhk.co/fogunedevare/Jgedgfd/pimexezifipojilo.pdf
    • https://cdn.sqhk.co/sepexapubu/jhhlijZ/5289791574.pdf
    • https://cdn.sqhk.co/kobewudojuvo/ehaijie/screen_recorder_screenshot_video_xrecorder.pdf
    • https://zepukuliro.weebly.com/uploads/1/3/5/9/135964459/ximibaset_dejasesebu_vajobubul.pdf
    • https://riviruzo.weebly.com/uploads/1/3/0/7/130739493/basojafop.pdf
    • https://rupimobo.weebly.com/uploads/1/3/4/8/134891389/komasejonor_vasojisera_ruxebo_wozodofewem.pdf
    • https://sutopudebesi.weebly.com/uploads/1/3/1/4/131438093/mimutavexedazafuweso.pdf
    • https://ruwuragawani.weebly.com/uploads/1/3/4/3/134383911/f3f83bee4e3b.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://www.daltonmaag.com/
    • https://s3.amazonaws.com/fofeguj/template_kalender_jawa_2020_cdr.pdf
    • https://uploads.strikinglycdn.com/files/c2b4025c-f89c-473c-b216-95ce536ac3e7/why_do_foreign_companies_list_on_nyse.pdf
    • https://69f7c7ec-f776-4f8b-90c4-e8126cd531e3.filesusr.com/ugd/772020_c4413c04d95b42759d9c9f66719c2b1e.pdf?index=true
    • https://s3.amazonaws.com/metakibeme/kaxepetufafewululasalobo.pdf
    • https://s3.amazonaws.com/godoremitiwuja/boomer_sooner_sheet_music_piano.pdf
    • https://d8acad56-eb9a-42d1-a06c-a695c5b02328.filesusr.com/ugd/0ad6c7_cf0e0b083a074415beece1e5172823c6.pdf?index=true
    • https://uploads.strikinglycdn.com/files/9c3a6a80-a9c0-43f8-afa0-bbf739406ce5/31174662223.pdf
    • https://uploads.strikinglycdn.com/files/53836e11-2317-44c4-a947-1a37781c5c21/punctuation_worksheet_high_school.pdf
    • https://cb0920a4-0dfc-4587-8161-bd3bf883b043.filesusr.com/ugd/df391a_837f9a8a7ed24d12b2cca7c734580508.pdf?index=true
    • https://uploads.strikinglycdn.com/files/84b0a7a7-8753-4c7b-ab90-3769372fe34d/walmart_black_friday_2020_ad_11_14.pdf
    • https://uploads.strikinglycdn.com/files/2234dbd5-ddc6-4717-84df-950d24da5ab4/ladulixozonatewerewi.pdf
    • https://s3.amazonaws.com/rizijubovapuk/why_is_my_vape_blinking_green.pdf
    • https://s3.amazonaws.com/tevomenil/zokalesur.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    The last seven entries are not link targets: the RDF, Dublin Core and Adobe XMP URIs are schema namespace identifiers from the document's XMP metadata, and the SIL OFL URL is a font license reference. Ascender Corporation and Dalton Maag (ascendercorp.com, daltonmaag.com above) are type foundries whose URLs commonly come from embedded fonts' name tables; check the channel label before counting them as clickable links.
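The two structural heuristics above, PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, can both be reproduced with a byte-level scan that deliberately ignores the cross-reference table, so that every definition of an object number is seen, not just the one the xref points at. The Python below is an added example written for this page, not the analysis engine's code; the sample PDF, the regexes and the link-farm thresholds (file size, link count, share of links on the top host) are constructed assumptions for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample, not the analysed file: a minimal PDF (no xref table,
# enough for byte-level scanning) whose page carries four /Link annotations,
# three of them pointing at one host, followed by an incremental update that
# redefines object 4 0 with a different /URI body.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R 6 0 R 7 0 R 8 0 R] >> endobj
4 0 obj << /S /URI /URI (https://example.org/report.pdf) >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A 4 0 R >> endobj
6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.example.net/a/one.pdf) >> >> endobj
7 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.example.net/b/two.pdf) >> >> endobj
8 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.example.net/c/three.pdf) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
4 0 obj << /S /URI /URI (https://landing.example.invalid/strik) >> endobj
trailer << /Root 1 0 R /Prev 0 >>
%%EOF
"""

# "N G obj ... endobj" definitions in file order; xref/startxref are ignored on
# purpose so stale and appended definitions of the same number all surface.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
# Literal-string /URI values only; hex strings and escape sequences are out of scope here.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def iter_objects(data):
    """Yield (num, gen, body_bytes) for each indirect object definition, in file order."""
    for m in OBJ_RE.finditer(data):
        yield int(m.group(1)), int(m.group(2)), m.group(3).strip()


def duplicate_objects(data):
    """(num, gen) -> list of bodies, for objects defined more than once with differing bytes."""
    defs = {}
    for num, gen, body in iter_objects(data):
        defs.setdefault((num, gen), []).append(body)
    return {k: v for k, v in defs.items() if len(set(v)) > 1}


def resolve(data, num, gen, policy):
    """Emulate a first-wins ("first") or last-wins ("last") reader for one object."""
    bodies = [b for n, g, b in iter_objects(data) if (n, g) == (num, gen)]
    if not bodies:
        return None
    return bodies[0] if policy == "first" else bodies[-1]


def extract_uris(data):
    """(num, gen, uri) for every /URI literal, including those in redefined objects."""
    return [(num, gen, m.group(1).decode("latin-1"))
            for num, gen, body in iter_objects(data)
            for m in URI_RE.finditer(body)]


def link_farm_score(uris, size_bytes, max_size=200_000, min_links=3, cluster_ratio=0.5):
    """Flag a small file with many links clustered on one host.
    The three thresholds are assumptions for this example, not the report's rule set."""
    hosts = Counter(urlsplit(u).hostname or "" for u in uris)
    if not hosts:
        return {"links": 0, "top_host": None, "top_host_share": 0.0, "flagged": False}
    top_host, top_count = hosts.most_common(1)[0]
    share = top_count / len(uris)
    flagged = size_bytes <= max_size and len(uris) >= min_links and share >= cluster_ratio
    return {"links": len(uris), "top_host": top_host, "top_host_share": share, "flagged": flagged}


if __name__ == "__main__":
    for (num, gen), bodies in duplicate_objects(SAMPLE_PDF).items():
        print(f"object {num} {gen} defined {len(bodies)} times with different bodies")
        print("  first-wins:", resolve(SAMPLE_PDF, num, gen, "first"))
        print("  last-wins: ", resolve(SAMPLE_PDF, num, gen, "last"))
    all_uris = [u for _, _, u in extract_uris(SAMPLE_PDF)]
    print(link_farm_score(all_uris, len(SAMPLE_PDF)))
```

On the sample, object 4 0 resolves to example.org under a first-wins reader and to landing.example.invalid under a last-wins reader, which is exactly the split the heuristic describes; because the scan walks every definition, both URIs land in the extracted list, and the link-farm check sees cdn.example.net holding 3 of 5 links. A production parser should additionally honour the xref chain and unpack object streams (/Type /ObjStm), which this byte-level example does not.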

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                       Size        SHA-256
font_00_sfnt_off0000f614.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xF614    5212 bytes  be72a9e540c7d82f67be97aaf4c8bd2e92f5b3046f2f8b2bd783e04c8d374b5c
font_01_sfnt_off0001079b.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x1079B   11400 bytes 33ac056e1f234b386e89beaae41ed2bbbda7ca32f0db5778fdd151fc3054a7a9
font_02_sfnt_off00012e4d.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x12E4D   4324 bytes  1158d95dac44631f497756703988ba3645251422e7ff0015d3fca430225e7c3e
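The carving in the table above (font streams identified by sfnt magic, reported with file offset, size and hash) can be reproduced with the following Python. It is an added example written for this page, not the sandbox's carver: it locates stream objects, inflates FlateDecode streams, keeps those whose decoded data begins with an sfnt signature, and reads the table directory as a sanity check that the blob really is an sfnt container. The sample PDF and the two-table font inside it are constructed in the block.

```python
import hashlib
import re
import struct
import zlib

# sfnt container magics: TrueType 1.0, CFF-based OpenType, Apple 'true', collections.
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"OTTO", b"true", b"ttcf")

# A stream dictionary (one level of nested << >> tolerated) followed by the
# 'stream' keyword; the match end is the file offset of the stream data.
STREAM_RE = re.compile(rb"<<((?:[^<>]|<<[^<>]*>>)*)>>\s*stream\r?\n", re.S)
# Direct /Length only; an indirect "/Length N 0 R" falls back to the endstream keyword.
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?!\s+\d+\s+R)")


def build_sfnt(tables):
    """Build a minimal TrueType-flavoured sfnt: offset table, directory, table data.
    Constructed test data with zero checksums, not a usable font."""
    num = len(tables)
    header = struct.pack(">IHHHH", 0x00010000, num, 0, 0, 0)
    directory, payload, offset = b"", b"", 12 + 16 * num
    for tag, data in tables:
        padded = data + b"\0" * (-len(data) % 4)      # tables are 4-byte aligned
        directory += struct.pack(">4sIII", tag, 0, offset, len(data))
        payload += padded
        offset += len(padded)
    return header + directory + payload


def sfnt_table_tags(blob):
    """Return the table tags listed in an sfnt directory, or None if not sfnt."""
    if len(blob) < 12 or blob[:4] not in SFNT_MAGICS:
        return None
    num = struct.unpack(">H", blob[4:6])[0]
    tags = []
    for i in range(num):
        rec = blob[12 + 16 * i: 28 + 16 * i]
        if len(rec) < 16:
            break                                   # truncated directory
        tags.append(struct.unpack(">4sIII", rec)[0].decode("latin-1"))
    return tags


def carve_fonts(pdf):
    """Carve every stream whose (decoded) data starts with an sfnt magic."""
    hits = []
    for m in STREAM_RE.finditer(pdf):
        sdict, start = m.group(1), m.end()
        lm = LENGTH_RE.search(sdict)
        if lm:
            raw = pdf[start:start + int(lm.group(1))]
        else:
            end = pdf.find(b"endstream", start)
            raw = pdf[start:end if end >= 0 else len(pdf)]
        data = raw
        if b"/FlateDecode" in sdict:
            try:
                data = zlib.decompress(raw)
            except zlib.error:
                continue                            # corrupt stream; not carveable here
        if data[:4] not in SFNT_MAGICS:
            continue
        hits.append({"offset": start, "raw_size": len(raw), "size": len(data),
                     "sha256": hashlib.sha256(data).hexdigest(),
                     "tables": sfnt_table_tags(data)})
    return hits


def build_sample_pdf():
    """Constructed sample (not the analysed file): one page content stream and one
    Flate-compressed /FontFile2 stream holding a two-table sfnt."""
    font = build_sfnt([(b"head", b"\x00\x01\x00\x00" + b"\0" * 50),
                       (b"name", b"ConstructedFont")])
    comp = zlib.compress(font)
    content = b"BT /F1 12 Tf (hello) Tj ET"
    pdf = b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 5 0 R >> endobj\n",
        b"5 0 obj << /Length %d >> stream\n" % len(content), content, b"\nendstream endobj\n",
        b"6 0 obj << /Type /FontDescriptor /FontName /ConstructedFont /FontFile2 7 0 R >> endobj\n",
        b"7 0 obj << /Length %d /Filter /FlateDecode /Length1 %d >> stream\n" % (len(comp), len(font)),
        comp, b"\nendstream endobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])
    return pdf, font


if __name__ == "__main__":
    sample, _ = build_sample_pdf()
    for h in carve_fonts(sample):
        print(f"sfnt at offset 0x{h['offset']:X}: {h['size']} bytes, "
              f"tables={h['tables']}, sha256={h['sha256']}")
```

The reported offset is that of the encoded stream data in the file, matching the "at offset 0x..." convention of the table, while size and SHA-256 describe the decoded font, which is what an analyst would hand to a font parser or look up in a hash database. Embedded fonts are worth carving even in a link-farm sample: a malformed sfnt is a classic vector against the reader's font engine, and the table directory check above is the first thing a fuzzed font tends to break.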