Malicious PDF — malware analysis report

Static analysis result for SHA-256 1b12ba0a77a15876…

Verdict: MALICIOUS
File type: PDF
Size: 77.0 KB
Created: 2021-03-07 01:13:25 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0bd7d980c7cc4fa150c2b159ad788752
SHA-1: a8faf3cf6099d3b841c47bbdf6407a97721c2069
SHA-256: 1b12ba0a77a1587624177367ccc37b64b924cf25c7a3ab6914c792490e15d36d
Risk score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains numerous external links, with one prominent URL pointing to a domain associated with phishing and SEO link farming. ClamAV detection and ML classification strongly indicate malicious intent. The embedded document body, though heavily obfuscated, appears to be a lure related to educational content, designed to trick users into clicking the malicious link.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9995

Heuristics (5)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than the citation pattern of a normal document.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware with signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
  • External URI [info] PDF_URI
    The PDF contains an external URL action.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-definition-wins reader and a last-definition-wins reader will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://maypoin.ru/wix?keyword=ideal+gas+law+worksheet+answers+chemistry+if8766

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000ecfe.bin
    SHA-256: d32d231174063c2cdb45290955166610e20ef2f028411d05113725e231c9331f
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xECFE
    Size: 6060 bytes
  • Filename: font_01_sfnt_off00010198.bin
    SHA-256: f77ed0dbc7bb891e0130a3b108fc87f5a6584afe354b2fe215f89d1921267410
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x10198
    Size: 10660 bytes