Malicious PDF — malware analysis report

Static analysis result for SHA-256 0a086e6017fa916d…

Verdict: MALICIOUS
File type: PDF

Size: 78.0 KB
Created: 2021-03-30 00:22:46 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c6e347a6ecfb6cf560c9bb3dd1ddab0e
SHA-1: bada3467a3722a347747053fb8ecfa0ce0335b95
SHA-256: 0a086e6017fa916d7e77168f53758c84fc23abd715a8b82fa4e200d7c7ba62d3
Risk score: 156

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.007 JavaScript

The PDF carries numerous external links, a pattern typical of phishing lures and SEO link-farm carriers rather than of a document that cites sources. The ML classifier score and the ClamAV signature both point to phishing. The first extracted URL (on ponafet.ru, with a utm_term about identifying pimples) is likely a keyword-stuffed pretext used to route users to malicious content or phishing pages. The wkhtmltopdf producer string is consistent with the file having been generated from HTML rather than authored by hand.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9993

Heuristics (5)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    A small PDF contains many clickable external links to other PDFs, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document-citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware with the signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
  • External URI [info] PDF_URI
    The PDF contains an external URL action (/URI).
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will therefore resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are also common in benign incremental updates, so severity is raised only when the duplicate carries active content (for example a JavaScript or Launch action).
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels indicate which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://ponafet.ru/strik?utm_term=how+to+identify+periods+pimples
    • https://cdn-cms.f-static.net/uploads/4411270/normal_601d244dcac00.pdf
    • https://cdn-cms.f-static.net/uploads/4452834/normal_6021ebbb54b0d.pdf
    • https://cdn-cms.f-static.net/uploads/4372073/normal_5fd2f5836ab1d.pdf
    • https://cdn-cms.f-static.net/uploads/4459177/normal_6059677126da2.pdf
    • http://lnstagramcopyrightcenter.com/sukexuhmixm.pdf
    • http://winoorama.site/2011_chevy_traverse_rear_ac_not_working43jkz.pdf
    • http://good-production17.site/72574059652zq91w.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://98cdd5c5-c43e-49eb-9373-39517e896cbb.filesusr.com/ugd/90661f_e5f43570d72a4575b4488dc941076b53.pdf?index=true
    • https://a2ae8793-a99f-480d-a3bc-849ef63d34f7.filesusr.com/ugd/cc207a_cc212da5232c40e8a63a65122ec32d4d.pdf?index=true
    • https://ab25a8b3-4d80-4d4b-93a1-c1347014fa7c.filesusr.com/ugd/8d0191_680e847b10a34879b2cc7e62da1b956a.pdf?index=true
    • https://s3.amazonaws.com/dumupa/conservation_of_mass_problems_worksheet_answers.pdf
    • https://s3.amazonaws.com/sulasatevirexo/life_simulator_apk_android_oyun_club.pdf
    • https://af0fe010-594a-4ec7-a26b-e2d78e33490d.filesusr.com/ugd/7d2910_f4d96991b1004774959bd08681a75f90.pdf?index=true
    • https://s3.amazonaws.com/lomiwexuva/59059318107.pdf
    • https://uploads.strikinglycdn.com/files/a8a576b3-b1f8-4a02-8acb-20e62805c95a/17180658753.pdf
    • https://983c8978-ad56-435f-a988-47358aa6040c.filesusr.com/ugd/06a663_3ac81ccb80224ba79bc148a5d77d431b.pdf?index=true
    • https://s3.amazonaws.com/donarepemi/wh_questions_exercises_grade_5.pdf
    • https://s3.amazonaws.com/xifabilejilab/jipuno.pdf
    • https://uploads.strikinglycdn.com/files/c7d2a7f3-a4f9-4848-af62-179cb7b6df07/mounting_sunsetter_awnings.pdf
    • https://s3.amazonaws.com/fifomi/98136877916.pdf
    • https://s3.amazonaws.com/gixirojozogufux/salesforce_tester_interview_questions_and_answers.pdf
    • https://s3.amazonaws.com/jipowumat/4749042168.pdf
    • https://s3.amazonaws.com/pegebunov/pons_advanced_dictionary_english_german_apk.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
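The three structural heuristics above (PDF_URI, PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) can be reproduced with standard-library Python. The block below is an added example, not the report engine's code: it runs over a constructed sample PDF (not the analysed file), takes a regex-level view of the object syntax, and uses illustrative thresholds for the link-farm rule. The object names, URLs and thresholds in it are assumptions.

```python
"""Regex-level triage for the PDF_URI, PDF_SEO_LINK_FARM and
PDF_DUPLICATE_OBJ_BODY_INCREMENTAL heuristics. Added example, not the report
engine's code; the thresholds and the sample document are assumptions."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample (not the analysed file): one page whose link annotations
# point at four external PDFs, three on one host, followed by an incremental
# update that redefines object 4 with a JavaScript action instead of the /URI.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R 7 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.org/intro.pdf) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.example.net/u/1.pdf) >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.example.net/u/2.pdf) >> >> endobj
7 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.example.net/u/3.pdf) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
4 0 obj << /Type /Annot /Subtype /Link /A << /S /JavaScript /JS (app.alert) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")  # literal-string /URI values only
ACTIVE_RE = re.compile(rb"/(JavaScript|JS|Launch|OpenAction|AA|SubmitForm|ImportData|GoToR)\b")


def iter_objects(data):
    """Yield (number, generation, body) for every 'N G obj ... endobj' in file
    order, so redefinitions appended by incremental updates appear too."""
    for m in OBJ_RE.finditer(data):
        yield int(m.group(1)), int(m.group(2)), m.group(3).strip()


def extract_uris(data):
    """PDF_URI: every /URI action string. Hex strings and compressed object
    streams are out of scope for this regex view and need a real parser."""
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(data)]


def duplicate_objects(data):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: (number, generation) -> bodies, for
    objects defined more than once with differing body bytes."""
    bodies = {}
    for num, gen, body in iter_objects(data):
        bodies.setdefault((num, gen), []).append(body)
    return {k: v for k, v in bodies.items() if len(set(v)) > 1}


def resolve(data, num, gen, policy="last"):
    """Body a first-wins or last-wins reader would use for (num, gen)."""
    bodies = [b for n, g, b in iter_objects(data) if (n, g) == (num, gen)]
    if not bodies:
        return None
    return bodies[0] if policy == "first" else bodies[-1]


def duplicate_severity(data):
    """None without duplicates, 'info' for body-only differences, 'critical'
    once any of the conflicting bodies carries active content."""
    dups = duplicate_objects(data)
    if not dups:
        return None
    active = any(ACTIVE_RE.search(b) for bodies in dups.values() for b in bodies)
    return "critical" if active else "info"


def link_farm_features(data):
    """Numbers behind PDF_SEO_LINK_FARM: file size, external link count, share
    of links that fetch a .pdf and share of links on the most common host."""
    uris = [u for u in extract_uris(data) if urlsplit(u).scheme in ("http", "https")]
    hosts = Counter(urlsplit(u).hostname for u in uris)
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    pdf_n = sum(urlsplit(u).path.lower().endswith(".pdf") for u in uris)
    return {"size": len(data), "links": len(uris),
            "pdf_share": pdf_n / len(uris) if uris else 0.0,
            "top_host": top_host,
            "top_host_share": top_n / len(uris) if uris else 0.0}


def is_seo_link_farm(data, max_size=200 * 1024, min_links=4,
                     min_pdf_share=0.5, min_cluster=0.6):
    """Illustrative thresholds (assumed, not the engine's): a small file whose
    clickable links mostly fetch PDFs and mostly sit on one host."""
    f = link_farm_features(data)
    return (f["size"] <= max_size and f["links"] >= min_links
            and f["pdf_share"] >= min_pdf_share and f["top_host_share"] >= min_cluster)


if __name__ == "__main__":
    print(extract_uris(SAMPLE_PDF))
    print(duplicate_severity(SAMPLE_PDF), link_farm_features(SAMPLE_PDF),
          is_seo_link_farm(SAMPLE_PDF))
```

The sample trips all three rules: four /URI strings, three of them on cdn.example.net and all fetching PDFs, and object 4 defined twice, so `resolve(..., "first")` returns the harmless link while `resolve(..., "last")` returns the /JavaScript action, which is what lifts the duplicate-object severity to critical as the rule text describes.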

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                      Size
font_00_sfnt_off0000f38e.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xF38E   5132 bytes
  SHA-256: dc4208ded75e4b17fcc70cc3f9311f1ddd2f22bdbc2c429c028a506d442e82c9
font_01_sfnt_off0001050c.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x1050C  11036 bytes
  SHA-256: 18fedf8c64c61e22d5bc7bcb6a657268726d9e3c49d4ba70319aff790761378e
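The carving behind this table (find an sfnt table directory, work out how far the font extends, hash it) can be done as below. This is an added example, not the report engine's carver: it assumes the font stream bytes have already been decoded (embedded fonts are usually FlateDecode-compressed), reports offsets relative to the buffer it is given, and runs over a constructed buffer with two tiny fonts and one decoy rather than over the analysed file.

```python
"""Carve embedded sfnt (TrueType/OpenType) fonts out of a byte buffer and
report offset, length and SHA-256. Added example, not the report engine's
carver; the buffer is assumed to be already-decoded stream data."""
import hashlib
import struct

SFNT_MAGICS = (b"\x00\x01\x00\x00", b"OTTO", b"true")  # TrueType, CFF OpenType, Apple


def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()


def sfnt_extent(data, off):
    """Length of a plausible sfnt starting at off, derived from its table
    directory, or None if the header or any table record is implausible."""
    if off + 12 > len(data):
        return None
    num_tables = struct.unpack_from(">H", data, off + 4)[0]
    dir_end = 12 + 16 * num_tables
    if not 1 <= num_tables <= 64 or off + dir_end > len(data):
        return None
    end = dir_end
    for i in range(num_tables):
        tag, _checksum, t_off, t_len = struct.unpack_from(">4sIII", data, off + 12 + 16 * i)
        if not all(0x20 <= c < 0x7F for c in tag):  # tags are printable ASCII
            return None
        if t_off < dir_end or off + t_off + t_len > len(data):  # must follow the directory and fit
            return None
        end = max(end, (t_off + t_len + 3) & ~3)  # tables are 4-byte aligned
    return end


def carve_sfnt(data):
    """Scan for sfnt magics and return [(offset, length, sha256), ...] for every
    hit whose table directory validates; magic-only false positives are skipped."""
    found, pos = [], 0
    while True:
        hits = [i for i in (data.find(m, pos) for m in SFNT_MAGICS) if i != -1]
        if not hits:
            return found
        off = min(hits)
        length = sfnt_extent(data, off)
        if length is None:
            pos = off + 1
            continue
        found.append((off, length, sha256_hex(data[off:off + length])))
        pos = off + length


def build_sfnt(tables):
    """Constructed helper for the sample only: a minimal TrueType container
    holding the given {tag: data} tables (checksums left zero)."""
    header = struct.pack(">IHHHH", 0x00010000, len(tables), 0, 0, 0)
    records, body, offset = b"", b"", 12 + 16 * len(tables)
    for tag, data in tables.items():
        padded = data + b"\0" * (-len(data) % 4)
        records += struct.pack(">4sIII", tag, 0, offset, len(data))
        body += padded
        offset += len(padded)
    return header + records + body


# Constructed sample buffer: a bogus magic with an absurd table count (must be
# skipped), then two fonts inside PDF-like stream wrappers.
FONT_A = build_sfnt({b"head": b"\x00\x01" * 27, b"cmap": b"\x00\x00\x00\x01"})
FONT_B = build_sfnt({b"OS/2": bytes(range(40)), b"cvt ": b"\x00\x10" * 5, b"hmtx": b"\x01\x02\x03"})
DECOY = b"\x00\x01\x00\x00\xff\xff" + b"\0" * 10
SAMPLE_BLOB = (b"%PDF-1.4\n9 0 obj << /Length 16 >> stream\n" + DECOY + b"\nendstream\n"
               + b"12 0 obj stream\n" + FONT_A + b"\nendstream\n"
               + b"14 0 obj stream\n" + FONT_B + b"\nendstream\n")

if __name__ == "__main__":
    for off, length, digest in carve_sfnt(SAMPLE_BLOB):
        print(f"font_sfnt_off{off:08x}.bin  {length} bytes  {digest}")
```

The extent is taken from the table directory rather than from the surrounding stream length, so a font padded or followed by other data is still cut at its true end, and a hit whose directory does not validate (impossible table count, non-ASCII tags, tables pointing outside the buffer) is skipped instead of producing a junk artifact.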