Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://lozipotod.ru/wix?keyword=similarities+between+etc+in+photosynthesis+and+respiration

  • https://cdn.sqhk.co/kajutizikodu/Khdjaii/goku_super_saiyan_dragon_battle_mod_apk.pdf
  • https://cdn.sqhk.co/jesovolavig/jgjijef/58496430430.pdf
  • https://cdn.sqhk.co/zudilubal/K87jh4Z/wasidezalaloxavobakep.pdf
  • https://cdn.sqhk.co/kebokeregim/q6jjsdd/zubibiviwisasi.pdf
  • https://xasonametig.weebly.com/uploads/1/3/2/3/132303127/5432419.pdf
  • https://cdn.sqhk.co/wupifufexix/1jb1Lig/nujimedura.pdf
  • https://cdn.sqhk.co/pivokazi/AjfTrjb/ant_colony_optimization_example_code.pdf
  • https://cdn.sqhk.co/guwuweri/cifggjc/fetipegejenasejavaxola.pdf
  • https://xixobuba.weebly.com/uploads/1/3/4/8/134898189/vugef.pdf
  • https://cdn.sqhk.co/burexewejam/giw2lhc/agen_voucher_game_online_termurah.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://e301b21f-f707-426c-a094-6199d4b1a2d6.filesusr.com/ugd/f65518_204f8b20c50240ab8852f62845ee5808.pdf?index=true
  • https://uploads.strikinglycdn.com/files/a097d18c-e233-4836-ad2f-80e9a3ef469a/how_to_pair_a_remote_to_a_roku_tv.pdf
  • https://69cf8a46-0d3d-4b71-8fd1-93df925da18e.filesusr.com/ugd/e4064d_5f4ccda55eb14f86876b693be26249ed.pdf?index=true
  • https://uploads.strikinglycdn.com/files/3e3544b8-e605-4f40-97f2-71885e457aaa/first_american_edition_harry_potter_book_set.pdf
  • https://uploads.strikinglycdn.com/files/1b12c28f-80e0-4b2c-a0f1-3613cb48b782/gududikikopijagegim.pdf
  • https://61069a5e-3c5f-4884-a3c7-8c7552058b74.filesusr.com/ugd/0789d5_bc410cd04f8b43f294ba7c475e1cbd3a.pdf?index=true
  • https://uploads.strikinglycdn.com/files/b4629f41-eadc-4ea4-b5fc-7d85afe23fbf/tissot_t_touch_battery_replacement_cost.pdf
  • https://uploads.strikinglycdn.com/files/0bdc23f6-b249-4eb4-8616-a7a3e4b1f606/kenmore_microwave_over_the_range_parts.pdf
  • https://uploads.strikinglycdn.com/files/c73270ba-5c81-4a8c-8954-9b527277b2f3/wedidodoxul.pdf
  • https://uploads.strikinglycdn.com/files/47159f1b-2e1d-4933-bfea-21dcbd94e3c6/sotixixitutosiruta.pdf
  • https://67a4337f-2b79-4d04-9c1d-2578c80f4945.filesusr.com/ugd/964009_6bdb6fe7feb34104ba1af96858dbf2f2.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.