Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://resalured.ru/strik?utm_term=hunchback+of+notre+dame+cast+1939 PDF link annotation

  • http://tiwujatujoput.mygamesonline.org/ayushman_bharat_yojana_in_kannada.pdfIn PDF document text
  • https://cdn.sqhk.co/mujawiru/dpTihhs/numbers_to_roman_numerals_date_converter.pdfIn PDF document text
  • https://cdn.sqhk.co/duloputemab/gc9zgjc/navidemavi.pdfIn PDF document text
  • https://cdn.sqhk.co/nobipajami/jhjjVkj/5s_daily_checklist_examples.pdfIn PDF document text
  • http://nijewogifuzazi.mypressonline.com/calibration_standards_iso_17025.pdfIn PDF document text
  • http://rerixen.scienceontheweb.net/makisubiju.pdfIn PDF document text
  • http://mowukedova.mypressonline.com/92804130102.pdfIn PDF document text
  • https://cdn.sqhk.co/domonuxasi/ifgUheo/17693567469.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://kedisijusa.onlinewebshop.net/feature_article_sample.pdfIn PDF document text
  • https://995be609-08d3-41b1-a6c0-90e53670bcec.filesusr.com/ugd/9988e1_f41cae3e94d84b8eb714837e923c3fb7.pdf?index=trueIn PDF document text
  • https://627ea4a7-3f28-4bf3-8c99-6a9da7dacf48.filesusr.com/ugd/1970e2_232381baf8fe43a883fc362dd23cc83b.pdf?index=trueIn PDF document text
  • https://1d942ef5-affb-47d8-8f99-70a3d187b733.filesusr.com/ugd/3283b0_687891f35f9c4479b6d11871d352962d.pdf?index=trueIn PDF document text
  • https://aed022ca-8a9d-452d-9022-56a74a585a14.filesusr.com/ugd/4d548e_117be8cac42e4ed4aeb11acc6042e996.pdf?index=trueIn PDF document text
  • https://0f7a2101-273c-4f7f-b1fd-079d1ad923c1.filesusr.com/ugd/a7ea6f_45104dae7a2d4954ba84ea734ed5af92.pdf?index=trueIn PDF document text
  • https://8569cc17-8b2a-4187-ace0-95b0550b99f0.filesusr.com/ugd/d6eede_4336f91c521b40e4948793aa002c5f5a.pdf?index=trueIn PDF document text
  • https://29ca30ec-7ad4-487f-8637-d2d67f3a323c.filesusr.com/ugd/10b11f_695424ce230c4569a61a372a7046ef67.pdf?index=trueIn PDF document text
  • http://jibimom.myartsonline.com/psychology_101_test_questions_and_answers.pdfIn PDF document text
  • https://fe426b01-1dd0-498a-b08e-7ec37e320b94.filesusr.com/ugd/6b45f0_141e8136b095463382ad2977c4e510aa.pdf?index=trueIn PDF document text
  • https://8d537faf-e869-4ed9-a29f-988560fab1dc.filesusr.com/ugd/0cce51_80d336d00bbd4ceb98e5365fea99144a.pdf?index=trueIn PDF document text
  • https://e5447efa-8854-4d04-834e-f0bbd7438c8b.filesusr.com/ugd/ac612b_f19eebc6acb747c2b769dabc46fb7d47.pdf?index=trueIn PDF document text
  • https://590703a0-be71-4d3c-a49f-17767d5969ef.filesusr.com/ugd/656c20_8e63c82b5090479883beeb788431ed50.pdf?index=trueIn PDF document text
  • https://75e6061f-eb7a-4ce8-b546-077bf96366c3.filesusr.com/ugd/2dfd19_62e4eb047a904455b7071d68e5b0cb44.pdf?index=trueIn PDF document text
  • https://0aa989e7-076c-475f-bc22-fff5ae310860.filesusr.com/ugd/b44be6_1de26b7368fa4cc59c7bf379159685d7.pdf?index=trueIn PDF document text
  • https://a0e9597c-cfbb-4fc1-b0e0-47ed6411b148.filesusr.com/ugd/24269e_02d2f6894f054c08b0005aca1683918f.pdf?index=trueIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.