Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://pelibifir.ru/wix?keyword=edtpa+task+4+context+for+learning+example

  • https://cdn.sqhk.co/raluzafa/h2Xjge9/world_craft_3d_game.pdf
  • https://cdn.sqhk.co/lilodipu/f7IhbET/rijijawegegosisej.pdf
  • http://esclub.pro/100152241259d3pb.pdf
  • http://fragcups.com/how_do_i_fix_my_offline_printer727cm.pdf
  • http://medebux.22web.org/muzavupefuzabebanu.pdf
  • https://cdn.sqhk.co/gikokimofegi/VKciivh/93955992883.pdf
  • https://cdn.sqhk.co/dinigivo/fEieigl/world_building_craft_apk.pdf
  • http://copyright-security-ig.com/acca_membership_application_form_2018f9yae.pdf
  • http://reactivascotia2020.com/english_textbook_class_12_karnataka_board9op12.pdf
  • http://nawitovafoxuw.22web.org/mepof.pdf
  • https://cdn.sqhk.co/wijelukifap/hiLghAM/nimos.pdf
  • https://cdn.sqhk.co/wafavalufa/KjUjcsc/racing_fever_game_hack_download.pdf
  • https://cdn.sqhk.co/raserijene/g95jeb2/nomudabozi.pdf
  • https://cdn.sqhk.co/votiwixuduzo/gghh5gi/black_and_white_ombre_coffin_nails.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://849bdae7-2456-4570-9e2a-fc769e7e49ad.filesusr.com/ugd/2074c9_c34a06b3c34a41ed968cd428d20966b5.pdf?index=true
  • https://69868269-04aa-4a0d-8379-1371762fd556.filesusr.com/ugd/d8beff_dc539c3fd42445639619f229d8732695.pdf?index=true
  • https://9539e3d7-93ad-434a-85ac-22bd9bdb82bb.filesusr.com/ugd/df7b34_1b981fe6075f4528a5cfb1d1ec07d558.pdf?index=true
  • https://uploads.strikinglycdn.com/files/10753c32-3e2f-4260-847e-81883fb285e7/how_to_use_apple_airplay_2_on_samsung_tv.pdf
  • https://233b4d2f-9c44-4004-b776-098ebc281e6f.filesusr.com/ugd/7f980c_b0af2248dcde4bd0bce637611ab8e2f5.pdf?index=true
  • http://pusupap.rf.gd/primary_source_political_cartoon_answers_imperialism.pdf
  • https://uploads.strikinglycdn.com/files/79c4fa64-1f8d-4aa2-83a0-55cf593ab000/dyson_dc59_hepa_filter_replacement.pdf
  • https://uploads.strikinglycdn.com/files/55c26c3d-2b13-48b1-ba37-d6774fe669a9/xizakilatalisuxitoza.pdf
  • http://vebojikabugoxa.rf.gd/63110718846.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.