Malicious PDF — malware analysis report

Static analysis result for SHA-256 10545bae962e2ac8…

MALICIOUS

PDF

Size: 81.7 KB
Created: 2021-04-18 04:11:41 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: f6baa3b12c2098d4d3caeba9700b1226
SHA-1: 2edbb16b8288c85b446574309eb275883cab73b4
SHA-256: 10545bae962e2ac88b6a485909fe9c4e7ae952b9ae9debe511290d8368840eef
Risk Score: 156

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript

The PDF contains numerous external links, and a critical heuristic identifies it as a link farm: a small, generated document whose clickable links are clustered on a handful of hosts. One prominent URL, 'https://kuzutuzo.ru/strik?utm_term=how+to+reset+roomba+890', matches the document's apparent subject and has unknown reputation. The ClamAV detection and the ML classifier together indicate malicious intent, most likely phishing or malware delivery via the linked PDFs. None of the heuristics below report JavaScript; the delivery mechanism observed in this sample is URI link actions, so the T1059.007 mapping should be treated as a family-level tag rather than a finding from this file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics 5

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://kuzutuzo.ru/strik?utm_term=how+to+reset+roomba+890
    • http://uscovidcharts.com/66199967464ej633.pdf
    • http://bcpreactiva-enlinea.com/xigijevipilodejewed0c0ku.pdf
    • http://trokot-online.xyz/xidolegixec9ywn.pdf
    • http://debopuforu.22web.org/nuwujodavokidemifi.pdf
    • http://nelitip.22web.org/lubesanerewibusujadave.pdf
    • http://wokelegekak.66ghz.com/75869896435.pdf
    • http://lamovingcompany.com/81476666690k5xed.pdf
    • http://arboozfilm.com/38016898985bizg8.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/48f419e4-b2cc-493d-92c5-6e7b7a116d9c/zisorajotonolufu.pdf
    • https://uploads.strikinglycdn.com/files/8c32f416-3dca-4252-baf5-7b14ed0ffb1d/millionaire_next_door_free_download.pdf
    • https://uploads.strikinglycdn.com/files/d05513ff-4795-48cc-9ae1-63a5273632ac/first_bus_essex_timetable_changes.pdf
    • https://uploads.strikinglycdn.com/files/8e898e7f-0249-4a6b-a79b-f2d7ee7b7ff9/its_kind_of_a_funny_story_trailer.pdf
    • https://uploads.strikinglycdn.com/files/5e65f5a7-f692-4bbe-8927-70b1473a3eb3/mijik.pdf
    • https://uploads.strikinglycdn.com/files/cd27633d-d59e-46d4-b2b3-88fe5c7ac5a2/17910804142.pdf
    • https://cabae152-0d18-4cc7-9545-8711a89e332e.filesusr.com/ugd/607e04_2df961c42a1b42d39f3fc6fccc6417ab.pdf?index=true
    • https://uploads.strikinglycdn.com/files/21e3882a-db64-4d1c-bee5-bc091ce18aec/50258483915.pdf
    • https://uploads.strikinglycdn.com/files/116309ae-2711-4557-9d10-14e120fc1c29/17851584229.pdf
    • https://uploads.strikinglycdn.com/files/22fc0e0d-d557-4c45-9d29-4a1f22c58bc3/runagejumim.pdf
    • https://229c0a76-8cd2-4a6d-ad64-a548a1436bbb.filesusr.com/ugd/f9ed01_5517b2d62918466f9994510f9907ccc2.pdf?index=true
    • https://uploads.strikinglycdn.com/files/084b61a2-f2ca-4758-bb2a-61daed01af0c/59241979334.pdf
    • https://uploads.strikinglycdn.com/files/ab660da3-7417-4d7f-8f1b-65a8664712e2/viking_oven_repair_manual.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    The w3.org, purl.org and ns.adobe.com entries are RDF/XMP namespace identifiers from the document's metadata stream, not clickable links, and should not be counted toward the link-farm heuristic. The scripts.sil.org/OFL URL (the SIL Open Font License) and, most likely, the www.ascendercorp.com entries are vendor and licence strings of the kind carried in font name tables, consistent with the two embedded sfnt fonts listed under Extracted artifacts.
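The two structural heuristics above (PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) can be reproduced with a raw-bytes scan of the file. The following Python is an added example, not the analysis engine's own code: it walks every `N G obj ... endobj` definition, reports objects redefined with different bytes, builds the object table the way a first-wins and a last-wins reader would, and scores the resolved `/URI` link actions for host clustering. The PDF bytes are a constructed sample with placeholder `.test` hosts, and the link-farm thresholds are assumptions chosen for illustration.

```python
"""Raw-bytes triage for URI link clustering and duplicate object definitions.
Added example; thresholds and the sample PDF are assumptions, not the engine's."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample (not the analysed file): five link annotations, four on one
# host, then an incremental update that redefines object 4 0 with another /URI.
# Real PDFs often keep annotations in Flate-compressed object streams, which a
# raw scan like this does not see; treat it as triage, not a full parser.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R 7 0 R 8 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example-a.test/1.pdf) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example-a.test/2.pdf) >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example-a.test/3.pdf) >> >> endobj
7 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example-a.test/4.pdf) >> >> endobj
8 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example-b.test/) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example-c.test/strik) >> >> endobj
trailer << /Root 1 0 R /Prev 9 >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# Literal-string /URI values only; hex strings and escaped ')' are not handled.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def iter_objects(pdf):
    """Yield ((num, gen), body) for every 'N G obj ... endobj' in file order."""
    for m in OBJ_RE.finditer(pdf):
        yield (int(m.group(1)), int(m.group(2))), m.group(3).strip()


def duplicate_objects(pdf):
    """Map (num, gen) -> distinct bodies for objects defined more than once
    with different bytes. Byte-identical redefinitions are ignored (benign)."""
    seen = {}
    for key, body in iter_objects(pdf):
        bodies = seen.setdefault(key, [])
        if body not in bodies:
            bodies.append(body)
    return {k: v for k, v in seen.items() if len(v) > 1}


def resolve_objects(pdf, policy="last"):
    """Build the object table a first-wins or last-wins reader would use."""
    table = {}
    for key, body in iter_objects(pdf):
        if policy == "first" and key in table:
            continue
        table[key] = body  # overwrite keeps the key's original position
    return table


def extract_uris(table):
    """Collect /URI strings from a resolved object table, in object order."""
    uris = []
    for body in table.values():
        uris.extend(m.group(1).decode("latin-1") for m in URI_RE.finditer(body))
    return uris


def link_farm_report(uris, file_size, min_links=4, max_size=200_000,
                     cluster_ratio=0.5):
    """Assumed thresholds: a file of at most max_size bytes with at least
    min_links links, cluster_ratio or more of them on one host, is flagged."""
    hosts = Counter(urlsplit(u).hostname or "" for u in uris)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    fraction = top_count / len(uris) if uris else 0.0
    return {
        "count": len(uris),
        "top_host": top_host,
        "cluster_fraction": round(fraction, 2),
        "flagged": (file_size <= max_size and len(uris) >= min_links
                    and fraction >= cluster_ratio),
    }


if __name__ == "__main__":
    for (num, gen), bodies in duplicate_objects(SAMPLE_PDF).items():
        print(f"object {num} {gen} defined {len(bodies)} different ways")
        for b in bodies:
            print("   ", b.decode("latin-1"))
    for policy in ("first", "last"):
        uris = extract_uris(resolve_objects(SAMPLE_PDF, policy))
        print(f"{policy}-wins object 4 resolves to {uris[0]}")
        print("   ", link_farm_report(uris, len(SAMPLE_PDF)))
```

The two resolution policies disagree only on the redefined object, which is exactly the condition the duplicate-object heuristic describes; on a real sample, confirm the raw-scan result with a full parser (pdf-parser or pikepdf) after inflating object streams, since a link annotation hidden in an `/ObjStm` is invisible to the regex above.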

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000102be.bin
  SHA-256: 5b0ede8e53ddbb7deaa721fba2401bf4dc6c3c7e27321feb144e80e2752295b9
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x102BE
  Size: 5484 bytes
Filename: font_01_sfnt_off00011550.bin
  SHA-256: 42f90e8fe31d10942807af9086c0a1c4a6e7ee64c1ef23ffd5a68244bbb66ca2
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x11550
  Size: 10668 bytes