Malicious PDF — malware analysis report

Static analysis result for SHA-256 1eff3162fe5d3372…

Verdict: MALICIOUS
File type: PDF
Size: 74.0 KB
Created: 2021-06-04 18:07:35 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 194ce09ac8331200388add6562a9b132
SHA-1: c2bb0964f2236e573231e94a337337b6fe48ac0e
SHA-256: 1eff3162fe5d3372d2922a32920c3d7c73157c0348065e69380e06a3f9d439ec
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains numerous external links, with one specifically pointing to 'fokemale.ru', suggesting a phishing or malicious redirection attempt. The ML classifier and ClamAV detection strongly indicate malicious intent, likely related to phishing or malware distribution. No scripts were extracted, but the presence of many external links implies an attempt to lead the user to a compromised or malicious site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (5)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://fokemale.ru/123?utm_term=win+wallet+app++apk

Extracted artifacts (2)

Files carved from inside the sample during analysis.

font_00_sfnt_off0000e4ed.bin
  SHA-256: 87803919928a83b42cde979462cd6ee713cf749d476e33412424fb3531c5473f
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xE4ED
  Size: 4708 bytes

font_01_sfnt_off0000f521.bin
  SHA-256: b67102b8b555b85a086f64cf3ab4524a5ac4c849330b9e0355a24eeaf1d95548
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xF521
  Size: 11324 bytes