Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://resalured.ru/strik?utm_term=metric+conversion+chart+printable.pdf

  • https://raxiruzaxulam.weebly.com/uploads/1/3/0/7/130738564/776da43ad3fe67b.pdf
  • https://sajulivos.weebly.com/uploads/1/3/1/1/131164476/187bfd.pdf
  • https://xaduvipejejex.weebly.com/uploads/1/3/4/6/134631107/8000683.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://911f1565-2faa-4874-b261-330d521e7362.filesusr.com/ugd/f46427_ebb56791863e48f0af7b389e8d5a72b8.pdf?index=true
  • http://laxuzoto.onlinewebshop.net/kiran_publication_bank_clerk_english_books_free_download.pdf
  • https://uploads.strikinglycdn.com/files/22d9b561-21b2-498d-b8aa-e32c60f76b53/27107918939.pdf
  • https://uploads.strikinglycdn.com/files/bc0c2f3b-a13a-4c73-929a-d2fb937ad2ce/78391410536.pdf
  • https://s3.amazonaws.com/filidabut/they_say_i_say_chapter_4_exercise_2_answers.pdf
  • https://b5c90759-dbf8-4ccd-b12d-e23c958527f9.filesusr.com/ugd/915a55_9a3fcd5085c84d6fb72286cf9786069c.pdf?index=true
  • http://pusebirenox.myartsonline.com/tezisopemukonokav.pdf
  • https://43a2ba88-5de9-465b-b95f-6a4d82f2d06e.filesusr.com/ugd/dcbeda_f24d1bb00f754b6890ad8d58b547b99f.pdf?index=true
  • https://3e1d1bad-f645-4ebd-ac75-469e7ff7c972.filesusr.com/ugd/e745be_5a9b1029685442e18d7c65d5b3d0de72.pdf?index=true
  • https://uploads.strikinglycdn.com/files/cf2d2294-f3d3-4eed-af6c-701cc245b4d7/what_is_sub_0.pdf
  • https://uploads.strikinglycdn.com/files/a4f801f1-9c52-4b45-838e-c14b5a8ce062/dunkin_donuts_wake_up_wrap_copycat.pdf
  • https://uploads.strikinglycdn.com/files/93e801c1-e210-4d7c-87cd-8333562004d4/debubopukuxo.pdf
  • https://ba10d46a-d7c1-43af-8542-f1a50f31aa8a.filesusr.com/ugd/4dded2_f79e2390f6644744924003dc2af692d6.pdf?index=true
  • https://uploads.strikinglycdn.com/files/ea5d4aa6-6111-425a-b0be-b34a4e8f535d/14425263817.pdf
  • https://s3.amazonaws.com/jojitagifuva/math_games.pdf
  • https://s3.amazonaws.com/gebukil/60749920259.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.