Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://zajinet.ru/strik?utm_term=m%25C3%25A1s+all%25C3%25A1+del+sol+letra+y+acordes+joan+sebastian

  • http://stroymarketmetal.ru/594577319875fkdl.pdf
  • https://cdn.sqhk.co/jabosuve/1YRjhUE/10583800765.pdf
  • https://cdn.sqhk.co/lanumakefu/ggVs0ZN/15553654169.pdf
  • http://alteramaks.world/how_hard_is_dark_souls_3_dlcvt12n.pdf
  • http://zokoxakabu.medianewsonline.com/mubizikizaliwedul.pdf
  • http://lanizimugigil.getenjoyment.net/rrb_je_cbt_1_book_free_download.pdf
  • http://dayzcommunity.info/07_kicker_cvr_12_specs9rlfc.pdf
  • https://cdn.sqhk.co/mifopanikil/6MhfVjb/97717518463.pdf
  • https://cdn.sqhk.co/vinasujitupe/eAjehgf/33002256611.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/a9da1fe9-7a68-45b7-9005-07a875f8345e/does_the_american_red_cross_offer_phlebotomy_training.pdf
  • https://uploads.strikinglycdn.com/files/8e645f29-6019-40f6-951d-2a987929c737/highway_safety_manual_crash_modification_factors.pdf
  • https://1416a32c-f91c-4ec3-9c10-bfdf610c7df7.filesusr.com/ugd/76de1a_d13b08adc9964486a87f18498df6331e.pdf?index=true
  • https://uploads.strikinglycdn.com/files/c29c2256-a64a-49d6-9e69-fc25478bf5fe/que_compuesto_es_el_cianuro_de_hidrgeno.pdf
  • https://91506351-5699-48ce-85e7-8e7d071f4e87.filesusr.com/ugd/d775a9_b14279c87b454294bfac6c6a75455c71.pdf?index=true
  • https://uploads.strikinglycdn.com/files/73c846da-2e63-4be6-b43f-171aa8e696c4/what_about_law_book_summary.pdf
  • https://uploads.strikinglycdn.com/files/eefe1761-2559-474f-905f-40b8628892ae/82379294558.pdf
  • https://02664c88-84e5-42fa-aae3-682d3a0d4328.filesusr.com/ugd/39d081_1c809c05f3ad4cf6a7d91e32a7fee8cc.pdf?index=true
  • https://uploads.strikinglycdn.com/files/44b33915-baad-408e-a39d-eecc762b4256/omron_model_hem-711acn2.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.