Malicious PDF — malware analysis report

Static analysis result for SHA-256 2c2c2e8312df82cc…

Verdict: MALICIOUS
File type: PDF
Size: 80.5 KB
Created: 2021-03-21 07:46:05 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0ca57cee438037ae842fb7fa1206d90d
SHA-1: 72813afad4d8672727a753ac88949df8a3dd95b8
SHA-256: 2c2c2e8312df82cceed0e02d535e907af5bc178ee1d86341a63e465bcbfa0d97
Risk score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript
    Note that none of the heuristics below reports JavaScript content; the T1059.007 mapping is not corroborated by the static findings listed in this report.

The PDF carries a large number of external link annotations pointing to other PDF files, flagged by the PDF_SEO_LINK_FARM heuristic. The first extracted URL, https://jottigo.ru/strik?utm_term=the+long+haul+cast+2017, carries a utm_term query parameter and looks like a tracking or redirection endpoint rather than a document. The ML classifier score and the ClamAV signature match both point to malicious intent, most likely phishing or malware distribution via the linked PDFs.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (5)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://jottigo.ru/strik?utm_term=the+long+haul+cast+2017
    • http://bewepovuzif.iblogger.org/dukugerojiro.pdf
    • https://cdn.sqhk.co/bapisolel/9hcH4ji/26812692940.pdf
    • https://cdn.sqhk.co/javeduner/ajcrrhf/mystic_messenger_zen_route_day_5_chat_times.pdf
    • https://cdn.sqhk.co/xeposetuge/ibgijaG/puxivevodojeten.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://numowun.rf.gd/milidebelolivixigiwofe.pdf
    • https://s3.amazonaws.com/bulozor/1734_aentr_series_b_manual.pdf
    • https://uploads.strikinglycdn.com/files/1a5680b2-85d3-49ee-ad9e-369969191ad9/fixavuluvamifixule.pdf
    • https://9a86171b-24d8-4f43-8717-687e75280c8f.filesusr.com/ugd/6234e8_35f6627929b34f74955c2e4df368e787.pdf?index=true
    • https://528a8416-53f4-4693-bcf0-540471887af1.filesusr.com/ugd/c3aa89_bd0947899b204989b32daad8bc85837c.pdf?index=true
    • https://s3.amazonaws.com/xukirizugukugi/harry_potter_wands_diy_chopsticks.pdf
    • https://uploads.strikinglycdn.com/files/e3a758b6-ad98-4dfa-8c96-5c910ee15e27/how_to_build_a_low_profile_coffered_ceiling.pdf
    • http://ruxuwidoke.epizy.com/steam_disk_write_error_paused.pdf
    • https://7b806e58-2e0f-4c22-b5e1-e0f71c4d6e86.filesusr.com/ugd/8da65f_3ff746bf70bb40bda3aa3ce674c64042.pdf?index=true
    • http://fasalowesi.epizy.com/casio_edifice_chronograph_wr100m_features.pdf
    • https://s3.amazonaws.com/gowebabuxogiro/holmes_mini_tower_air_purifier_with_maximum_dust_removal_filter.pdf
    • https://48e5b1ff-25fb-49a4-826b-3ad3f3a15688.filesusr.com/ugd/0d632a_26419ac34119423083f8b6f3ac627e7a.pdf?index=true
    • https://c84ffda1-e72a-45fa-8ce8-a771970cf326.filesusr.com/ugd/9fd656_55a0ff1a855e4316a391a981e660e447.pdf?index=true
    • https://c245485c-e1a4-4c5a-9a2a-c465a95e53c8.filesusr.com/ugd/25f824_91a35d7b40d543c08270f0d16c8f61b3.pdf?index=true
    • https://s3.amazonaws.com/tiluwisulepam/google_sheets_filter_out_duplicates.pdf
    • https://a519209a-2b0a-481f-9fe9-460c873bdc80.filesusr.com/ugd/270e53_aa5648204a614d25928791e4b8e52b24.pdf?index=true
    • https://8d2868a3-57b7-484c-81f6-493c1c4f5daa.filesusr.com/ugd/a8ca0f_6d5e9abc3609480c830d648326d7c797.pdf?index=true
    • https://uploads.strikinglycdn.com/files/4050c880-1fc5-41a2-b6f5-d5e819bec057/34648248310.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    The last seven entries are not link targets: the w3.org, purl.org and ns.adobe.com URIs are standard XMP metadata namespace identifiers, and the scripts.sil.org/OFL URL is the SIL Open Font License reference typically found in font licensing metadata. Only the entries above them are candidate click-through destinations.
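The link-farm heuristic and the duplicate-object check described above are both reproducible on raw bytes without a full PDF parser. The following Python script is an added illustration, not code from the analysis platform or from the sample: it builds a small constructed PDF (hypothetical hosts cdn.example.test, fonts.example.test and track.example.test; no xref tables, since the scanner reads "N G obj ... endobj" definitions rather than following the xref) with nine /Link annotations, appends an incremental update that redefines one of them with a different /URI, and then runs a PDF_SEO_LINK_FARM-style check, a duplicate-body check whose severity is raised only when the duplicate carries active content, and a first-wins versus last-wins resolution of the redefined object.

```python
"""Reimplementation, for illustration only, of two PDF heuristics from the report.

Constructed sample (not the analysed file): one page with nine /Link annotations,
eight of them to *.pdf on one host, followed by an incremental update that
redefines annotation object 4 with a different /URI. No xref tables are written;
the scanner below works on object definitions, not on the xref.
"""
import re
from collections import Counter
from urllib.parse import urlparse

LINK_HOST = "cdn.example.test"  # hypothetical host for the clustered links


def _link_obj(num, uri):
    """One /Link annotation object with a /URI action (constructed)."""
    return (f"{num} 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
            f"/A << /S /URI /URI ({uri}) >> >>\nendobj\n").encode()


def build_sample():
    """Return the constructed PDF bytes: base file plus one incremental update."""
    annots = " ".join(f"{n} 0 R" for n in range(4, 13))
    parts = [b"%PDF-1.4\n",
             b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
             b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
             f"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [{annots}] >>\nendobj\n".encode()]
    for i, num in enumerate(range(4, 12)):      # objects 4..11: eight .pdf links, one host
        parts.append(_link_obj(num, f"https://{LINK_HOST}/u{i}/doc{i}.pdf"))
    parts.append(_link_obj(12, "http://fonts.example.test/license.html"))
    parts.append(b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
    # Incremental update: same object number and generation, different body,
    # and the new body still carries an active /URI action.
    parts.append(_link_obj(4, "https://track.example.test/go?utm_term=doc0"))
    parts.append(b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
    return b"".join(parts)


OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
ACTIVE_KEYS = (b"/URI", b"/JavaScript", b"/JS", b"/Launch", b"/GoToR", b"/SubmitForm")


def iter_objects(data):
    """Yield (num, gen, body) for every 'N G obj ... endobj' definition in file order.
    A stream whose raw bytes contain 'endobj' would cut a body short; a real
    parser must honour /Length. Good enough for this constructed input."""
    for m in OBJ_RE.finditer(data):
        yield int(m.group(1)), int(m.group(2)), m.group(3)


def extract_uris(data):
    """All literal-string /URI values in file order (hex-string form not handled)."""
    out = []
    for m in URI_RE.finditer(data):
        s = m.group(1).decode("latin-1")
        out.append(re.sub(r"\\([()\\])", r"\1", s))  # unescape \( \) \\
    return out


def link_farm(data, max_size=200 * 1024, min_pdf_links=8, cluster_ratio=0.6):
    """PDF_SEO_LINK_FARM-style check: small file, many clickable links whose path
    ends in .pdf, most of them on one host. Thresholds are assumptions.
    Returns (flagged, details)."""
    uris = extract_uris(data)
    pdf_links = [u for u in uris if urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).hostname for u in pdf_links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_n / len(pdf_links) if pdf_links else 0.0
    flagged = (len(data) <= max_size and len(pdf_links) >= min_pdf_links
               and share >= cluster_ratio)
    return flagged, {"size": len(data), "pdf_links": len(pdf_links),
                     "top_host": top_host, "top_host_share": round(share, 2)}


def duplicate_objects(data):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL-style check: object numbers defined more
    than once with different bodies. Severity is 'critical' only when one of the
    bodies carries an active-content key. Returns {(num, gen): (severity, bodies)}."""
    seen = {}
    for num, gen, body in iter_objects(data):
        seen.setdefault((num, gen), []).append(body.strip())
    result = {}
    for key, bodies in seen.items():
        if len(set(bodies)) > 1:
            active = any(k in b for b in bodies for k in ACTIVE_KEYS)
            result[key] = ("critical" if active else "info", bodies)
    return result


def resolve_uri(data, num, gen, policy="last"):
    """The /URI a reader sees for object (num, gen) under 'first' (first definition
    wins) or 'last' (last definition wins, the usual incremental-update semantics)."""
    bodies = [b for n, g, b in iter_objects(data) if (n, g) == (num, gen)]
    if not bodies:
        return None
    uris = extract_uris(bodies[0] if policy == "first" else bodies[-1])
    return uris[0] if uris else None


if __name__ == "__main__":
    pdf = build_sample()
    print(link_farm(pdf))
    print({k: v[0] for k, v in duplicate_objects(pdf).items()})
    print(resolve_uri(pdf, 4, 0, "first"), "vs", resolve_uri(pdf, 4, 0, "last"))
```

The ".pdf" test is applied to the URL path only, so links with a query string such as the filesusr.com "?index=true" entries above still count as PDF links. The size, link-count and clustering thresholds are assumptions; the page does not state the ones the real heuristic uses. Note how the redefined object resolves to the original document URL for a first-wins reader and to the tracking URL for a last-wins reader, which is exactly the divergence the duplicate-object heuristic warns about.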

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | SHA-256 | Kind | Source | Size
font_00_sfnt_off0000fbca.bin | 8c3c554e2334555a901c8a9f1a57bca9f6b4a576d16ce5a59fbeb369dcad53d7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFBCA | 5320 bytes
font_01_sfnt_off00010ded.bin | 3b6909e130a73f416b56f1a65d2965231a665ac34019c5e5ea84f3aa6894ca29 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10DED | 11344 bytes