Malicious PDF — malware analysis report

Static analysis result for SHA-256 4276804b093aa2cc…

MALICIOUS

PDF

Size: 68.9 KB
Created: 2021-03-24 08:55:26 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c482deb44c19862912d45ed6e4ccc3cc
SHA-1: ad36ba155f54f3f2bbecbb29896eabe0b5dd2e8c
SHA-256: 4276804b093aa2cce9fbea4a62b5343b880d9df4f4c3ecc33bf2a0035c149e07
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains numerous external links, with a critical heuristic identifying a 'PDF_SEO_LINK_FARM' suggesting a large number of outbound links. The ML classifier and ClamAV detection strongly indicate malicious intent, specifically a phishing or trojan payload. The embedded URLs, such as 'https://resalured.ru/123?utm_term=self+assessment+library+en+espa%25C3%25B1ol+pdf', are likely part of this malicious infrastructure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (5)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://resalured.ru/123?utm_term=self+assessment+library+en+espa%25C3%25B1ol+pdf
    • http://blubadgehelp.net/ver_pelcula_completa_en_espaol_los_hermanos_karamazov_youtubeu1kxg.pdf
    • http://getporte.xyz/cisco_switch_vlan_configuration_commands6uxrv.pdf
    • http://cosmosqrab.online/38947593888kxmtk.pdf
    • http://girlita.space/lubupafilosulurawinoviggy6hc.pdf
    • http://it50off.pro/dewalt_dwe7491rs_table_sawe7irv.pdf
    • http://parralax.net/college_english_101_reading_listq4cw5.pdf
    • http://stal-kemerovo.ru/lucky_life_8_reviews29jhr.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://d992f69e-bc5b-430a-92d7-abfd66d0380b.filesusr.com/ugd/6f7357_8147df2661834540b877c9b1359df3b6.pdf?index=true
    • https://uploads.strikinglycdn.com/files/d224d40b-a26c-4ce6-b629-471f16e25fcf/58088708981.pdf
    • https://36535336-4f9e-4c0a-b1ad-3385cb5d4299.filesusr.com/ugd/15ebe2_50672d1be3bb4760babee79a48912b9e.pdf?index=true
    • https://s3.amazonaws.com/pafexegud/89421133764.pdf
    • https://28f2c00a-638b-45ec-8848-4d649cb6aba9.filesusr.com/ugd/946f28_4a2b8d1718cd4cedbbd0d1658e57337b.pdf?index=true
    • https://uploads.strikinglycdn.com/files/0a55e18b-ce36-40d7-8066-1136e8159363/dotabugijutibogun.pdf
    • https://uploads.strikinglycdn.com/files/193d16b7-b64f-4bff-b6c2-fe90285463d9/baby_einstein_jumper_replacement_parts_uk.pdf
    • https://uploads.strikinglycdn.com/files/005a8ac4-b01e-4a4f-abf6-cc11db51de9f/5_dysfunctions_of_a_team_chapter_summary.pdf
    • https://uploads.strikinglycdn.com/files/6643b622-86f7-437b-bd12-dd9dacd40f33/xixalajaveresat.pdf
    • https://s3.amazonaws.com/najubu/bharat_movie_free_movies_counter.pdf
    • https://c5c27394-2042-4749-9b39-d1c24dcbd9f0.filesusr.com/ugd/e9b987_3d63e5600bee44e2a14804a7a1dab551.pdf?index=true
    • https://s3.amazonaws.com/befarekogol/captive_prince_book_3_epub.pdf
    • https://uploads.strikinglycdn.com/files/1f21297c-ddee-4cb9-bf5a-342ac652a4bc/leadership_and_self_deception_free_download.pdf
    • https://94db4134-5784-44c5-a63d-963e509970fa.filesusr.com/ugd/9c58c5_24c9b11614d34739811c954212412f97.pdf?index=true
    • https://uploads.strikinglycdn.com/files/8a8018de-2c2c-40b7-ac98-254b3a56b913/43136152650.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                     Size
font_00_sfnt_off0000cf51.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xCF51  5744 bytes
  SHA-256: 6dbd516af345aac2052c9306e47216b570ff5aa4c003c7d750f4f3728064fc0e
font_01_sfnt_off0000e286.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xE286  9816 bytes
  SHA-256: beafe5dd3eb2f4d3d1df754bf54c95883c4ec409cf9a22b66dcfccdf6859b7de