Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://crysiq.ru/pbw?utm_term=descargar+plantas+vs+zombies+2+para+pc+full+espa%25C3%25B1ol+mega PDF link annotation

  • https://static.s123-cdn-static.com/uploads/4402710/normal_5fcb65d3e1cda.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4501961/normal_606da0ce9e99b.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4410199/normal_6045e6bbb5e4f.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4411919/normal_6005df6028b9b.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://www.daltonmaag.com/In PDF document text
  • https://uploads.strikinglycdn.com/files/3ca20baf-7ad2-409a-9ba5-5352f4feb564/kazopudivanirumorunuxewun.pdfIn PDF document text
  • http://sofutikajen.pbworks.com/f/hatchimals_twins_peacat_cheat_sheet.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1b34ee31-115f-4785-9363-8b37ff36d5bb/ejemplos_de_binomios_al_cubo_resueltos.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f126f30e-b694-4008-99a1-65928e3513db/the_stand_season_1_episode_2_recap.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/98f902bc-7521-4eb4-9f26-a52bfabad5a8/pegunibedisubuginan.pdfIn PDF document text
  • http://gogoporiwo.pbworks.com/f/bobogobemekafigizu.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f425929a-bc33-40d7-873d-ab72203312c6/how_to_write_about_further_reading_in_personal_statement.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2aae9351-c9d2-450e-ac8e-77406b40111b/15672386420.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a2d0b4d1-fa00-4ac4-a6e4-328d06145cf5/77258145151.pdfIn PDF document text
  • http://zusemivak.pbworks.com/f/nijipetoxewosapu.pdfIn PDF document text
  • http://tojasakamu.pbworks.com/w/file/fetch/144598749/who_played_jason_dilaurentis_in_season_1.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/3b1f7f62-a7d3-443d-83f9-5fa67cf2348d/17414371440.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/18b7cda9-8905-4092-8350-87e0397c0574/travel_trac_comp_fluid_trainer_manual.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/21b6056d-92c7-483c-8d4f-e75df9534108/levisubulasezolag.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/10c0b0aa-e4c9-4bf0-abf0-3b4f4d0c4c14/yaesu_ft-857d_manual.pdfIn PDF document text
  • http://gufabewa.pbworks.com/f/pujakezijemotolazisi.pdfIn PDF document text
  • http://vibevekofano.pbworks.com/f/what_are_some_advantages_of_asexual_reproduction_over_sexual_reproduction_brainly.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2218edf4-096c-4db9-9b38-b77d896025b8/watch_agneepath_1990_full_movie_free.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f49157cf-2bc3-4db3-b502-aa074ffaab63/lepanifonu.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/bbca0d8f-ebb7-4273-9563-42142651780a/newton_ms_drivers_licence_office.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.