Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://botokaw.ru/strik?utm_term=formato+de+arrendamiento+local+comercial PDF link annotation

  • http://jisotevujemi.22web.org/xuteratawazexotuguluner.pdfIn PDF document text
  • http://lifizix.22web.org/kudupeg.pdfIn PDF document text
  • https://cdn.sqhk.co/buxifuludo/hazeijm/ice_age_village_hack_appvn.pdfIn PDF document text
  • https://cdn.sqhk.co/lomasamube/jbhaBje/cosmology_of_monsters_summary.pdfIn PDF document text
  • https://cdn.sqhk.co/logulemuset/aibigzb/28554510962.pdfIn PDF document text
  • https://cdn.sqhk.co/wisewuguv/jfK3giM/jedojamazef.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://www.daltonmaag.com/In PDF document text
  • https://uploads.strikinglycdn.com/files/5a2d08a2-8943-455d-bd48-200758158f52/whirlpool_front_load_washer_sud_error_codes.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1313d5e7-14ac-480b-af35-be0a04ae37d4/canon_rc-6_remote_control_compatibility.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ed617a13-beef-4fba-bffa-c469e13b1156/vimopurolonawapupanunil.pdfIn PDF document text
  • http://biparux.epizy.com/interior_design_courses_in_usa_for_international_students.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f5b4faa2-54d4-4003-9669-db5e56d255a0/25765563.pdfIn PDF document text
  • https://47ab6ce1-aee6-4086-a8e7-31fe393d2411.filesusr.com/ugd/afbef4_9ea213c4689a465c989d569dac88c015.pdf?index=trueIn PDF document text
  • https://7f06b679-e14d-4525-8955-d56a7cf6f710.filesusr.com/ugd/79e5df_861b9605b0b44022ab305c27df90e841.pdf?index=trueIn PDF document text
  • http://kefujaforu.rf.gd/silent_d_shoes_size_guide.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/16207842-29ed-488e-a04f-2074aa333285/breville_tea_kettle_replacement_parts.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/32c6e392-0ab3-42d5-b028-214d99b825e0/history_of_islam_in_urdu_books_free_download.pdfIn PDF document text
  • https://5e04165b-6ab1-49a6-9937-45006fc2fbeb.filesusr.com/ugd/d19879_9b13974940724aae9234b925ee5ea3e2.pdf?index=trueIn PDF document text
  • https://cbf60184-924b-4e65-abc2-244eb733ec12.filesusr.com/ugd/9a25f9_366950f2000c4ba684213dcfdcedb342.pdf?index=trueIn PDF document text
  • http://tivagikirela.epizy.com/lung_cancer_overview.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a95a4aa4-2f23-45c0-8006-162ac968bb98/23870159435.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/37132a1e-51e8-4c98-99ab-7a7327546ece/chrome_flash_2020_download.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.