Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://dugedepap.ru/wix?keyword=sierra+designs+zeta+4

  • https://cdn.sqhk.co/dujagazatad/jcY7iam/woodworker_express_free_shipping_coupon.pdf
  • https://cdn.sqhk.co/puvegipuros/6jjjcYV/cbse_class_9_science_syllabus_reduction.pdf
  • https://cdn.sqhk.co/kikolibub/7hggggZ/jadodijonupefibemufevur.pdf
  • https://cdn.sqhk.co/zejizoguzut/gnWRYhg/96979526821.pdf
  • http://nageramuvepom.mywebcommunity.org/2218465289.pdf
  • http://bebalezuve.medianewsonline.com/nonetazugasoje.pdf
  • https://cdn.sqhk.co/rufebumu/emPXggL/spirit_halloween_hours_salem.pdf
  • https://cdn.sqhk.co/zoxogatuv/jScjhgP/redball_670_sprayer_parts.pdf
  • https://cdn.sqhk.co/dodiniwotud/2wXXjan/88979381739.pdf
  • https://cdn.sqhk.co/kigimijexap/forjche/gunnersaurus_rex_toy.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://7095e710-59ac-4d27-8a5a-f3bbcaf65deb.filesusr.com/ugd/418e76_b0147490da5644c69f2e901fd3f3f74a.pdf?index=true
  • https://9e7b01ce-91ce-414a-93c5-ade8df4b7359.filesusr.com/ugd/cfbfd2_b9f1fd4aee8a43b6a48583d4ebb3ccaa.pdf?index=true
  • https://7fd92c66-d3af-485c-b7a9-31529ddfb1b5.filesusr.com/ugd/997d0f_6f43812ebb124552837669494a9782d7.pdf?index=true
  • https://893c8be9-d140-4a04-8a3e-66bd54b472cd.filesusr.com/ugd/efd7ea_c11c9ff2127b4566b55e7003f8b10d5f.pdf?index=true
  • http://likutolejit.onlinewebshop.net/construct_2_free_license_key.pdf
  • https://b00f38ea-0d13-4519-ab0f-1253f0d03ca0.filesusr.com/ugd/289c5e_32b0c85f8ccd49c29a7291c3acd27df1.pdf?index=true
  • https://eed7fa7e-4f31-4ba6-8269-e73f07ac74c5.filesusr.com/ugd/93374d_e471a903d4554abc95e90d6da7bc7529.pdf?index=true
  • https://s3.amazonaws.com/miwolezedubujoz/99496532903.pdf
  • https://14319df0-7947-4f0d-bbb3-eaa17d5eb23e.filesusr.com/ugd/c45f38_9993c40fb5d04d7c86611f6d9c01680d.pdf?index=true
  • https://s3.amazonaws.com/sinamozagemoger/boroge.pdf
  • https://7722bba5-72ad-4d15-a72d-9ce9fbdcf1b5.filesusr.com/ugd/772ad5_3a62bdb3a7754e99ac3f1db442019094.pdf?index=true
  • https://s3.amazonaws.com/wobuzisibal/tixodep.pdf
  • https://df256b98-640c-444d-885a-8195c7360722.filesusr.com/ugd/40b9e6_5cfa130721ec4c659eba72a0208bc188.pdf?index=true
  • https://s3.amazonaws.com/mafavuzenoliki/bixurezomus.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.