Malicious PDF — malware analysis report

Heuristics 7

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• Urgency / deadline lure low SE_URGENCY_LURE
  Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://dugedepap.ru/strik?utm_term=does+dbt+work+for+ptsd PDF link annotation

  • http://degimogug.mypressonline.com/invertebrate_zoology_practical.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4376369/normal_603d8fda7c5af.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4471230/normal_6047282606add.pdfIn PDF document text
  • http://suvonenexazu.mywebcommunity.org/cadena_alimentaria_definicion.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://71a0d42b-91d5-4e94-9338-ff69ca8a624b.filesusr.com/ugd/e5d5e5_bf3d4327cad14199af6129585796f631.pdf?index=trueIn PDF document text
  • https://ddc7b23b-31e5-4b5c-aaad-d3b7cef26861.filesusr.com/ugd/e506b8_2add6d739cd74875ac5b9099180560a3.pdf?index=trueIn PDF document text
  • https://2e4d99de-9d37-4ce2-abd5-0bbccafdbe51.filesusr.com/ugd/33a2e4_bf38d3a88fe440bd9b605b73e390458d.pdf?index=trueIn PDF document text
  • https://2703069b-a6ff-4ff9-983c-db139a8d76ba.filesusr.com/ugd/8b61cf_e0d20ace3a164065b5a9e5b543d94529.pdf?index=trueIn PDF document text
  • https://20128683-61eb-4207-b985-d468b1a81fea.filesusr.com/ugd/0049ca_1381e260a7fa4de6b45b951b13f6969f.pdf?index=trueIn PDF document text
  • https://fec450ea-b80f-4746-b851-35139cc02de5.filesusr.com/ugd/53a83b_1dbb830e4e7c435ea36cdf8dbfb84b60.pdf?index=trueIn PDF document text
  • https://76df98a8-3e94-4eee-a6f5-23e1de06049b.filesusr.com/ugd/54c74c_666b94fca88b430688c5028d78e22d0e.pdf?index=trueIn PDF document text
  • https://451cdc1f-766e-44a1-8a9d-f9db2ecad5ed.filesusr.com/ugd/0f0d48_d3cd811d34ad46dd96a5ff376ef4df7e.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/80f52ed8-8902-4e2e-a6ad-01b241dcdbaa/nipofitavivagepisenisaxab.pdfIn PDF document text
  • https://5e04165b-6ab1-49a6-9937-45006fc2fbeb.filesusr.com/ugd/d19879_0e4f83f264ec454d9ff8988d329bd961.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/c0e9d3b4-058f-4160-b358-cc186874c5d4/spongebob_game_of_life_rules.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f87c7264-1997-4f69-b119-459ef22f44d8/25832297581.pdfIn PDF document text
  • http://nabulegewuwal.myartsonline.com/annotate_evernote.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/fc91223b-0d6d-498e-ac5f-58e07d805c7d/elric_of_melnibon_movie.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4aa09f44-329c-480f-abdf-d85fd81a129a/how_do_you_count_by_sevens.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b93aa8af-693a-4e3a-a8a9-41b94a469956/magonumisoti.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/c2155c87-69fb-48a4-8086-51e848940a1c/modern_calligraphy_font_letters.pdfIn PDF document text
  • https://81d89a68-18ac-4cf1-ad00-ddd5d2f7da41.filesusr.com/ugd/ed58ef_2e20bcd436fd4802b2508d0e9e728199.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/d1daad62-3d4e-4ff9-ae53-cb6a29cd8dc5/how_to_teach_character_traits.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.