Malicious PDF — malware analysis report

Heuristics 6

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://xezojetit.ru/123?utm_term=powerpoint+presentation+template

  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/wotodedaruzuk/expecting_more_the_4th_trimester_workout.pdf
  • https://63b1f34b-4847-450f-8d9a-4788d10e1cf5.filesusr.com/ugd/451a43_a7985ec4389c43139fab7a0455aa1f6b.pdf?index=true
  • https://s3.amazonaws.com/rutufokedizon/37610626560.pdf
  • https://s3.amazonaws.com/kasuwevovog/nach_baliye_song_mr_jatt.pdf
  • https://s3.amazonaws.com/tadevewuju/12254331199.pdf
  • https://s3.amazonaws.com/loneminovu/68713961124.pdf
  • https://s3.amazonaws.com/salosibejodod/resume_template_2019_free.pdf
  • https://uploads.strikinglycdn.com/files/0a9b6ebb-da07-44d3-b955-d2c7fda7fb8a/rigoberta_menchu_quotes.pdf
  • https://s3.amazonaws.com/sazixipame/acid_fast_bacilli_stain.pdf
  • https://s3.amazonaws.com/fipijife/rupisisonunodideduzab.pdf
  • https://s3.amazonaws.com/zonivezada/39457149930.pdf
  • https://1b3e2d6a-0348-4772-9bb2-16e56a761455.filesusr.com/ugd/7bcf02_fca241355c024458a6b87ec408a1bcb3.pdf?index=true
  • https://uploads.strikinglycdn.com/files/c9cb7c81-203e-4052-81db-803d20b2a351/17661954686.pdf
  • https://uploads.strikinglycdn.com/files/2d1a44ce-c4ab-4b0d-8f12-fabd5911ab0f/what_is_the_most_current_apple_operating_system.pdf
  • https://s3.amazonaws.com/ziwuvijevo/physics_for_scientists_and_engineers_6th_edition_solutions.pdf
  • https://s3.amazonaws.com/fekazudabo/76338930493.pdf
  • https://s3.amazonaws.com/wurivuve/imo_free_video_calling_apps.pdf
  • https://s3.amazonaws.com/sagotomagin/tuwivaturaw.pdf
  • https://s3.amazonaws.com/fatisake/chennai_weatherman_report_in_tamil.pdf
  • https://uploads.strikinglycdn.com/files/8212477e-21db-4c8d-b5b8-01c15e6e9933/when_is_black_friday_for_walmart_2019.pdf
  • https://uploads.strikinglycdn.com/files/13a90e84-7c48-44a8-a382-7af0f01a8ad6/ftk_imager_4.2.0_user_guide.pdf
  • https://s3.amazonaws.com/jivuxo/jemiwiligipita.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.