Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://xezojetit.ru/award?keyword=agendas+docentes+2020+pdf PDF link annotation

  • https://cdn-cms.f-static.net/uploads/4483346/normal_6026f1531f1c1.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4471081/normal_601d1b0fc10bd.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4412588/normal_5fdd8437c7b60.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4490920/normal_604aa27bbaff3.pdfIn PDF document text
  • http://olx-delivery.cc/63823673024e0v6k.pdfIn PDF document text
  • http://onsideball.info/vekadopipeviwigogulr23w3.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4473656/normal_6000a2d918de1.pdfIn PDF document text
  • http://medicinfo.online/xijufumenawixagaxodly6n6.pdfIn PDF document text
  • http://flowerport.store/64068846342qgcjn.pdfIn PDF document text
  • http://tryraisins.pro/baofeng_uv-5r_ebay_canadafiapr.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://2b08c346-38d8-4763-b559-bb9d4fff2313.filesusr.com/ugd/40c9d6_b959de2251ae467795abebb66aa8259e.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/3d97ae02-9da2-462a-94f2-46953e3c7008/sawuvijezewamamuku.pdfIn PDF document text
  • https://2c5a832e-93c4-4ab0-bef0-969ef348d747.filesusr.com/ugd/cc5daa_b3b75ed741ff4003a2d0e656254537aa.pdf?index=trueIn PDF document text
  • https://081e7fb2-604d-424b-9b75-a58d54a71a44.filesusr.com/ugd/abd6ea_55f81dd7730c40038a2101a81e8bd740.pdf?index=trueIn PDF document text
  • https://58f604bd-1fd8-4cfe-af9b-f15e67d030d5.filesusr.com/ugd/9a7439_d6235c62e8c74ba8abce229419f47dfd.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/4c5b8735-5084-4bd8-b209-e4b534a343ec/govofamiredef.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f0376081-1532-48d8-a441-1a66487759db/how_to_update_g1100_firmware.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/28a18c98-b978-4651-a288-6dfb2e93fca9/41943995762.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/accc136b-a5ed-47cf-9446-b562890b0d17/pesazasuxetunuzipexoso.pdfIn PDF document text
  • https://6a8c3f3f-5248-4e80-80e0-4bf2c04f72bc.filesusr.com/ugd/8b2c09_b623a2893c8a4cffa7d2ba0c87bd75d9.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/b8225615-5f9b-41d3-b4df-66fe7a70327f/t-fal_ez_clean_deep_fryer_instruction_manual.pdfIn PDF document text
  • https://5548a280-a194-4776-8019-0e256783c1fa.filesusr.com/ugd/f2c1dc_257a98e4d6db4a3f83ff5afe5e79eef2.pdf?index=trueIn PDF document text
  • https://57e596f1-a2cf-4e3c-9ba9-dc8e42e7d639.filesusr.com/ugd/1e1da7_990469a4e0e248a1894a434664896d36.pdf?index=trueIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.