Malicious PDF — malware analysis report

Static analysis result for SHA-256 2c9befd78aeda646…

MALICIOUS

PDF

Size: 79.7 KB
Created: 2021-05-17 19:29:11 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0f128b754247995ee7da76029f2573b6
SHA-1: eae9d19f9ea9888f9d06fd75b04c790ca0850712
SHA-256: 2c9befd78aeda6466fd9fec6bf2fb6b666c158c95be43041ea9844aff2f51862
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a large number of external links, a technique often used for SEO farms or to direct users to malicious sites. ClamAV and ML classifiers identified this PDF as malicious, specifically flagging it as a phishing trojan. While no scripts were directly extracted, the PDF structure and embedded URLs suggest an attempt to redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics 5

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://vilenefex.ru/strik?utm_term=weber+stainless+steel+grates+genesis+ii
    • http://options.expert/roku_2020_modelsyhuga.pdf
    • https://static.s123-cdn-static.com/uploads/4369655/normal_5ff529dcd238f.pdf
    • https://cdn.sqhk.co/wopidevepip/jeiddje/strategic_thinking_exercises_free.pdf
    • https://cdn.sqhk.co/zonumofil/hdv9Qo6/47918723435.pdf
    • http://smartcreditcheck.info/power_pressure_cooker_xl_user_guidey7puh.pdf
    • https://cdn.sqhk.co/demexadol/heiwCDr/ugandan_knuckles_vrchat_heyimbee.pdf
    • https://cdn.sqhk.co/fanalotozor/gcmicei/36992371650.pdf
    • https://cdn-cms.f-static.net/uploads/4457560/normal_606cec472224c.pdf
    • https://cdn.sqhk.co/tajudozizif/Ezk8ifn/child_care_package_nsw.pdf
    • http://help-business-media.com/teaching_english_as_a_second_language_free_online_coursex02yh.pdf
    • https://cdn.sqhk.co/zadorari/Pievjic/16041473714.pdf
    • https://cdn.sqhk.co/defisepeniba/cFjbGgf/car_stunts_3d_hack_apk.pdf
    • https://cdn.sqhk.co/napumefu/thcmMhe/kivuwagajawajuluvam.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://d80868e2-5d34-4dda-9345-0396294a35aa.filesusr.com/ugd/f9fac6_65e33aa53c374a67a3d39fe58b507d77.pdf?index=true
    • https://e82ff0bd-cb1a-4782-8b92-0a0fb7657660.filesusr.com/ugd/d17951_43caf8ac46e6497ab2f1148944bf078d.pdf?index=true
    • https://s3.amazonaws.com/jepinebawo/what_is_the_device_used_for_morse_code.pdf
    • https://s3.amazonaws.com/gogonof/shimla_kullu_manali_travel_guide.pdf
    • https://s3.amazonaws.com/ganubifirigevi/batman_the_killing_joke_netflix_reddit.pdf
    • https://ff8eac81-0dee-4da4-b7c1-1dee070544a7.filesusr.com/ugd/2637cf_03cc18e142984f9d894be28c972cbf22.pdf?index=true
    • https://7f58a6d3-5723-489e-a2bd-17fd91e1ddd5.filesusr.com/ugd/655495_4388bb4116a84786a46b9227336e45cd.pdf?index=true
    • https://s3.amazonaws.com/jasadavebaga/75725829917.pdf
    • https://b2f3f1fb-4f3f-4d5d-be65-f5b10dce6288.filesusr.com/ugd/735189_e416215f48984298ae31d0cab7ad3d95.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • font_00_sfnt_off0000fa33.bin
    SHA-256: 25882be134c6811b5e87b464044fe2379639e9468848261edf65833273e90d55
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xFA33
    Size: 5008 bytes
  • font_01_sfnt_off00010b59.bin
    SHA-256: ec8940363e66aa4953489783202ca3ded45d97403be9c93b8ddb1cc1d0877be2
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x10B59
    Size: 11360 bytes