Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ponafet.ru/strik?utm_term=the+five+dysfunctions+of+a+team+activities

  • https://cdn.sqhk.co/kamozipu/ehfibNE/adidas_face_mask_black_small.pdf
  • https://cdn.sqhk.co/fofodafexadu/4jchhih/kids_kitchen_appliances.pdf
  • https://cdn.sqhk.co/lididiregi/vifrgc0/the_eagles_greatest_hits_full_album_2018.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://168d2a81-f750-40c6-a653-3787650f980d.filesusr.com/ugd/3bcfef_b389dac50cc3422dbf0e381d5f536893.pdf?index=true
  • https://s3.amazonaws.com/pibajuwi/edgenuity_answers_english_2_semester_2.pdf
  • https://s3.amazonaws.com/kubafezin/xunenezadegetawosezazabi.pdf
  • https://ff0b3df2-dc61-4aeb-9024-93fa9b5bc175.filesusr.com/ugd/aa14a9_da8ecb76150e4930b639722e48fcb655.pdf?index=true
  • https://689a2394-1721-4ce0-b6f7-af9f1dc0d621.filesusr.com/ugd/0f5b72_ffd475d1266a47abb4d3eedb1b307a56.pdf?index=true
  • https://s3.amazonaws.com/wusone/73720848619.pdf
  • https://s3.amazonaws.com/votuweroxigezog/53312151168.pdf
  • https://a1c9bafd-2917-4c1b-b79c-a4b44a941470.filesusr.com/ugd/f0f215_9449dcfac54a41e186e84e6200b10ac9.pdf?index=true
  • https://3568ea06-17fa-4787-91ae-86b9aa918cbd.filesusr.com/ugd/8ade13_638299587048422da2ca1d9a08ed025d.pdf?index=true
  • https://7162f0c1-3bb2-4775-9ad2-1e34613fb889.filesusr.com/ugd/595093_cb2db091a2fc4435bfae61fbccc062e5.pdf?index=true
  • https://591e60e9-54e8-4b06-a9a7-f2e0522969d0.filesusr.com/ugd/1fd4b7_4556b36af4ba42e5817b8958705fcde8.pdf?index=true
  • https://s3.amazonaws.com/naxozelozude/introduction_to_computer_systems_and_assembly_programming.pdf
  • https://3c8197b3-f999-4f29-b3da-fbdfea3dbf34.filesusr.com/ugd/0047a4_e1cd977ff2b94aa0b6308565042b89fa.pdf?index=true
  • https://0fe83ef2-ed6b-4f04-a52d-31fe3c58d8d1.filesusr.com/ugd/ade4e6_0545ff2d20574fefa77bcc2bc0d3a3b7.pdf?index=true
  • https://s3.amazonaws.com/risalenefazozo/is_a_hypothesis_and_theory_the_same_thing.pdf
  • https://s3.amazonaws.com/gofilafixu/how_to_fix_cabrio_washer_lid_lock.pdf
  • https://s3.amazonaws.com/xulepiwa/genetics_exam_questions.pdf
  • https://s3.amazonaws.com/fadupazageraf/xinudavo.pdf
  • https://2f8a6ab9-e864-4757-b083-6627a13f4c48.filesusr.com/ugd/405339_df49d53904d94b37a8dc9fd2bb2cfd4c.pdf?index=true
  • https://s3.amazonaws.com/figidireki/lovarosoguxir.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.