Malicious PDF — malware analysis report

Static analysis result for SHA-256 2cd8efef1aff6800…

MALICIOUS

PDF

Size: 82.1 KB
Created: 2021-05-06 19:47:18 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-23
MD5: e2fb836086fa6b9c565c31006da896b4
SHA-1: b6d6fd28a262ac5726d7d16ef49d7f8dc8478b69
SHA-256: 2cd8efef1aff6800b6cdf30d663b3726a686af6407b1cdc49b86bd741e458399
Risk Score: 186

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9967

Heuristics (6)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM)
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://soxebez.ru/strik?utm_term=nextbook+ares+11+screen+replacement (PDF link annotation)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                      Size
font_00_sfnt_off0001047d.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x1047D  5372 bytes
  SHA-256: 2645cb416056f4ec39a3ef6e71f309d77f20e4f3d4cb353d79ff4064ac09ae67
font_01_sfnt_off000116bb.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x116BB  10524 bytes
  SHA-256: 6c127cd63f4bf2c0243893bb53bba068e4ba8cbf95b837c0968294dd9191110f