Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://midufefew.ru/123?utm_term=investment+property+depreciation+schedule+template PDF link annotation

  • http://natbeach.space/cours_de_traduction_anglais_franaistkrx2.pdfIn PDF document text
  • https://jurijibo.weebly.com/uploads/1/3/0/8/130874645/posubon.pdfIn PDF document text
  • https://butiriretife.weebly.com/uploads/1/3/2/6/132681404/niwozikatavagipil.pdfIn PDF document text
  • https://webuxeneme.weebly.com/uploads/1/3/4/3/134368634/4142498.pdfIn PDF document text
  • https://goguribepolim.weebly.com/uploads/1/3/0/7/130739596/jodinogej.pdfIn PDF document text
  • https://kixajunurepe.weebly.com/uploads/1/3/1/4/131406563/744153.pdfIn PDF document text
  • http://matcobzor.ru/casio_fx-_570es_plus_manual_espaolkbx5v.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://www.daltonmaag.com/In PDF document text
  • https://uploads.strikinglycdn.com/files/ec9c7742-43f0-4ad5-a7f3-ec401b6107b7/samsung_mini_split_manuals.pdfIn PDF document text
  • https://5a98ae10-8c7e-48da-b83f-9bcbc644cfa3.filesusr.com/ugd/9a8764_7b5829a480e04876a258db31b9516a64.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/3101e6ad-0768-4ab9-8ac4-712e9b54d979/98056836581.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2d10900a-155f-445b-88f9-faeb9d781e70/windows_10_free_microsoft_word.pdfIn PDF document text
  • https://f1e11ea9-a931-46ad-af30-391325c877dd.filesusr.com/ugd/423518_27529873fbd54fc284952e2d52c59670.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/bf5776b5-87b0-4d62-90fb-7502a07d859a/what_is_taylors_theorem_used_for.pdfIn PDF document text
  • https://3a0d5408-2ea1-4258-8d29-5d96341cad2c.filesusr.com/ugd/79cb75_31fe30ab74924bf592271e4b5652f10f.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/589b2694-4d48-41c4-8bb9-21ab9f46899a/hp_officejet_4500_wireless_drivers_download.pdfIn PDF document text
  • https://46d16763-6c5f-4e19-aa2c-3f4071fcbec2.filesusr.com/ugd/26f730_4277ed46a79847658c815f190d034a3e.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/3c52f903-8b25-402e-88bf-bff27b1ac065/how_to_start_a_small_business_in_australia.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/25cfde65-115f-4333-981e-cce894887c6f/23855642409.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/8e7e20c5-e234-42f1-9578-06e546125408/icewind_dale_walkthrough.pdfIn PDF document text
  • https://a2ae8793-a99f-480d-a3bc-849ef63d34f7.filesusr.com/ugd/cc207a_dc2ee7dd87174cd08e68f6ac89d67737.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/452e1d8f-9b63-4fab-9607-782776ceb6f9/great_writing_4_great_essays.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.