Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://nipisod.ru/strik?utm_term=roper+refrigerator+light+bulb

  • https://cdn.sqhk.co/wanadujogo/739qgca/44028804699.pdf
  • https://cdn.sqhk.co/tixuniwe/vOiehe2/androidx_constraint_layout_import.pdf
  • http://fazejajogavu.medianewsonline.com/wemovurokap.pdf
  • http://suwufexez.sportsontheweb.net/todavusorikivewebos.pdf
  • https://cdn.sqhk.co/dogilijesiwu/ifESXhd/idle_zombies_defence_mod_apk.pdf
  • http://xofebuledat.scienceontheweb.net/autocad_drawing_templates.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/doxifuba/google_authenticator_apple.pdf
  • https://uploads.strikinglycdn.com/files/ee28ae02-591e-43f8-a828-235367ffbe72/3065270645.pdf
  • https://07f52280-50dc-49c2-beec-a2e30bf849d0.filesusr.com/ugd/7b8f90_b100b91e683345e8a2783b85df55e073.pdf?index=true
  • https://uploads.strikinglycdn.com/files/fc644822-0b55-471c-a57f-3cce4901a958/caracteristicas_politicas_del_siglo_xix_en_espaa.pdf
  • https://uploads.strikinglycdn.com/files/6ba7354d-3ff4-4cb3-acc7-a116259cfd27/sword_art_online_alicization_war_of_underworld_episode_18_release.pdf
  • https://uploads.strikinglycdn.com/files/5cad176f-81bd-44f5-a213-f16e60237867/hoover_windtunnel_max_capacity_upright_vacuum_cleaner_with_hepa_media_filtration_uh71100.pdf
  • https://a16eeaf1-ab09-4fb7-bdbc-3ebfa24c279d.filesusr.com/ugd/03042f_dedb371a0074437cb9834ef86b4cb88b.pdf?index=true
  • https://edefa294-c65c-46c5-840b-8a4669b9fdfe.filesusr.com/ugd/e4a001_3800415d7e7f4a4594df352188c09684.pdf?index=true
  • https://uploads.strikinglycdn.com/files/3d080d58-97ca-4601-b744-15d3e0a45117/86989890993.pdf
  • https://uploads.strikinglycdn.com/files/db80d381-800e-4a43-bd91-622906a8074d/diccionario_mitologia_griega_y_romana.pdf
  • https://s3.amazonaws.com/tabobujimo/que_significado_tiene_soar_con_que_se_caen_los_dientes.pdf
  • https://s3.amazonaws.com/sedimeraxufi/british_royal_family_tree_worksheet.pdf
  • https://uploads.strikinglycdn.com/files/234018bd-1d38-42dd-af66-204c4d170b99/do_lock_pick_guns_work_on_cars.pdf
  • https://e29f0852-aa8c-4fc4-a5db-fcd144ab7086.filesusr.com/ugd/b730be_42cb08e261f04415a08f5a12ffafab37.pdf?index=true
  • https://7f993087-45f6-41f4-96e5-9dcaca18fb91.filesusr.com/ugd/9a92dd_64f39072fa28445b821f418f7ee9fdfa.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.