Malicious PDF — malware analysis report

Static analysis result for SHA-256 17410472f109e719…

Verdict: MALICIOUS
File type: PDF
Size: 179.3 KB
Created: 2021-03-17 23:47:16 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-07-02
MD5: 6989586413f63b9928a6e2452170d36d
SHA-1: c7b5900bb940783746a134f47d2ee926e34cfd2b
SHA-256: 17410472f109e7194a98fe34c6022644afe10a971b3d44cd438873abeab30451
Risk Score: 126

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains numerous embedded URLs, with a significant number pointing to disposable hosting and acting as a link farm. The ML classifier and ClamAV detection strongly indicate malicious intent, likely for phishing or malware distribution. Although no scripts were explicitly extracted, the PDF structure and numerous external links suggest it's designed to redirect users to malicious sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7322

Heuristics (5)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM)
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (19)

Files carved from inside the sample during analysis.
