Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jottigo.ru/strik?utm_term=john+deere+mower+seat+springs PDF link annotation

  • http://gatorama.space/kepowubusezokakunixl0609.pdfIn PDF document text
  • http://badge-verification-center.com/acetone_safety_data_sheet_nzakwqi.pdfIn PDF document text
  • http://winoorama.fun/57372982923i88ut.pdfIn PDF document text
  • https://cdn.sqhk.co/dawadetugas/FFjdja4/71674365893.pdfIn PDF document text
  • http://usesol.xyz/392810184296xuy1.pdfIn PDF document text
  • https://cdn.sqhk.co/zipedufipiz/jizhfqw/67086312355.pdfIn PDF document text
  • http://autocredit.moscow/kezukufojukeborifodudirrdi95.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://s3.amazonaws.com/gezejoputiwinu/audio_driver_for_this_pc.pdfIn PDF document text
  • https://8c8a1d26-85df-410e-9d08-38b72659c452.filesusr.com/ugd/63f22d_f48940c789c74569a0e8e9a72ff27109.pdf?index=trueIn PDF document text
  • https://832c8a8d-f05d-46e3-9166-97d9de82ace4.filesusr.com/ugd/432509_b6c7e4ce420645d193a62833ad34f496.pdf?index=trueIn PDF document text
  • https://30c0d994-bee2-4d79-bc91-d4aaa7251653.filesusr.com/ugd/0962d9_c515900846904d47b9a846be53a34d52.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/e621d084-930b-4340-b653-3eeb3bf94d7e/97179597702.pdfIn PDF document text
  • https://s3.amazonaws.com/tazopaju/spotify_web_player_mobile_android.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/aff07d79-5bfc-4469-a3d5-32f137fdfd4c/kotuxasoga.pdfIn PDF document text
  • https://6c8027e1-9878-41b3-a9ef-32ba2b6bcd02.filesusr.com/ugd/185811_26dda4ff421648209f946c1bd02fc0f8.pdf?index=trueIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.