Malicious PDF — malware analysis report

Static analysis result for SHA-256 206b6a8f518a4355…

MALICIOUS

PDF

Size: 78.7 KB
Created: 2021-03-19 22:53:56 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0eade969dd8904a6118a85a6969c3e22
SHA-1: 54c2f2798799babbec9fb187fed606b34aec5f24
SHA-256: 206b6a8f518a435576a827f519d8c3953ecff3c005dd06657f57b754ad7d0b92
Risk Score: 98

Machine Learning

  • Nyx PDF Classifier malicious score 0.9993

Heuristics (5)

  • Small PDF contains a mass external PDF link farm (critical) PDF_SEO_LINK_FARM
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches the pattern of generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document's citation pattern.
  • External URI (info) PDF_URI
    The PDF contains an external URL action.
  • Object number defined twice with different bodies (info) PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so the severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete (info) CLAMAV_SCAN_INCOMPLETE
    The ClamAV scan of this file did not complete (ClamAV error, exit 2), so the verdict reflects only the static heuristics. The result is not cached, so a later submission will retry the scan.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://soxebez.ru/wix?keyword=poke+the+penguin+complaint
    • http://microbladingeyebrowsdallastx.com/47801480271ywwjl.pdf
    • https://cdn.sqhk.co/tovitaxani/feUhjgh/36751478090.pdf
    • http://livemavuxedu.getenjoyment.net/84181711986.pdf
    • https://cdn.sqhk.co/nefikelifu/fgfibw5/tarika.pdf
    • https://cdn.sqhk.co/salulilo/YEji9y0/lagu_terdiam_sepi_uyeshare.pdf
    • http://fozivot.mypressonline.com/95636333329.pdf
    • http://gimatadokij.mygamesonline.org/7374723366.pdf
    • https://cdn.sqhk.co/pemazekefise/kjjaMGj/bunewixi.pdf
    • http://heliusdesign.ru/20806525341n4987.pdf
    • http://naturebiolog.space/13753562476p388b.pdf
    • https://cdn.sqhk.co/karopepagu/jfhdAhe/flexeril_classification_number.pdf
    • http://help-igcopyright.xyz/716533390889h1e7.pdf
    • https://1482387f-61d8-47e1-b538-9b7f1e8b89fb.filesusr.com/ugd/538d67_5af857ee16f34035899abd73f3227896.pdf?index=true
    • https://0ccb9a81-bd3c-41bd-bc79-2352350f0e5e.filesusr.com/ugd/95ea6b_1e01790166974195b033b9cd2f75e74a.pdf?index=true
    • https://uploads.strikinglycdn.com/files/afb9d9a8-b1a2-4f68-b635-6e2d8c034770/zuliw.pdf
    • http://jagomizaf.atwebpages.com/85244807631.pdf
    • https://ff743420-c5e2-4527-a456-70ddb2a1abd8.filesusr.com/ugd/5178f2_e2769d07541a4555b6aa099cd80de692.pdf?index=true
    • https://b56e00ce-d729-42e9-814b-b9a4b194f5ba.filesusr.com/ugd/f6f93f_33c331ed0df94aceac7c6ec641eb263f.pdf?index=true
    • https://uploads.strikinglycdn.com/files/956a8ecd-cdd1-4835-9aee-e2d50c4dae07/arabic_language_textbook.pdf
    • https://uploads.strikinglycdn.com/files/175490fc-76a9-44f4-87cd-6b7ad250da66/65201265964.pdf
    • https://16fd3b15-5541-4454-9538-28daacbf497e.filesusr.com/ugd/e32576_433c36e289574a5588e4b217765c9847.pdf?index=true
    • https://d872ce2a-2baf-4032-ab86-ab75b2f66d52.filesusr.com/ugd/338562_aee27d7ddb4945d2b20350e6eb3b1e34.pdf?index=true
    • https://uploads.strikinglycdn.com/files/ea4a6571-f908-4e3d-8940-d25d5886ed00/9696381802.pdf
    • https://df256b98-640c-444d-885a-8195c7360722.filesusr.com/ugd/40b9e6_5a55ccd000274eb68d57859b57ae93dd.pdf?index=true
    • https://ca30e0e0-ecf2-44ab-b6a2-fe26291458be.filesusr.com/ugd/34e21e_a425b0044dad446b958aba8e4cfab908.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/