Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• ClamAV scan did not complete info CLAMAV_SCAN_INCOMPLETE
  ClamAV scan on this file did not complete (ClamAV error (exit 2)); the verdict reflects only static heuristics. The result is not cached so a later submission will retry the scan.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://xezojetit.ru/123?utm_term=web+to+pdf+chrome+addon

  • http://datingdate.site/86653369247xe4ra.pdf
  • http://meetsalle.xyz/powepujuvanujazeu36s.pdf
  • http://nariwunuzaw.scienceontheweb.net/pathogenesis_of_dengue.pdf
  • http://nuwetiveguvo.mypressonline.com/carboxylic_acid_reactions.pdf
  • http://vanimerukaguto.scienceontheweb.net/98555650652.pdf
  • http://edevletorg.com/characteristics_of_project_proposallkk0i.pdf
  • https://uploads.strikinglycdn.com/files/117c25e7-d70f-48f5-900d-8d7a56e4f840/spoken_english_online_classes_in_chennai.pdf
  • https://5a995288-ce6f-4ae3-a3e6-14272d8003db.filesusr.com/ugd/7be1cd_139b8abcd4c7412b90dc80639f9a4668.pdf?index=true
  • https://fa886832-b9e3-4ce5-a98c-97da2614721f.filesusr.com/ugd/9f8050_44969a8859c041998dbffa284c18808a.pdf?index=true
  • https://fc59733d-949e-4df9-817b-fea2515c5cc7.filesusr.com/ugd/689329_72a7bf8331324fbabea9ee8bd875f6bc.pdf?index=true
  • https://uploads.strikinglycdn.com/files/6dafb325-8952-4f8b-9f6a-a6ea64fffe5a/how_much_does_a_plumber_apprentice_make_in_ontario.pdf
  • https://12dd324c-696b-4d67-8c19-991f3eacec2c.filesusr.com/ugd/eeb7bd_5462d0e6f9d64abbb193cd957f4b590f.pdf?index=true
  • https://uploads.strikinglycdn.com/files/9d6da621-9e5d-46cb-8ecf-936e3596e7fb/niv_study_bible_commentary_online.pdf
  • https://de315c38-daa2-4293-b666-e554ba9b7d65.filesusr.com/ugd/564d2e_bd8e7836869f4adda95e7bb0e67ab83f.pdf?index=true
  • https://68358877-4ee6-4e53-94f7-4bd9665c1f53.filesusr.com/ugd/3bbd68_a65899d17ab84191ac3f60fb506b18d3.pdf?index=true
  • https://6c9aa500-f8d9-42a6-b8a4-5b3c562bbfc3.filesusr.com/ugd/543886_e2fbe8042c2d4c49930b64a04cb0303a.pdf?index=true
  • https://efe523a3-d756-4f55-ba91-412f3a718e00.filesusr.com/ugd/236571_e1649c45c5ef4e5faa2e2e5bba3838e0.pdf?index=true
  • https://b1b1ed1d-a631-407f-b8a0-2f609481a9c2.filesusr.com/ugd/3e5895_93ea949c123a451c98136f380a3b0672.pdf?index=true
  • https://uploads.strikinglycdn.com/files/dcb509d1-45f1-4bce-8b7d-ca3e44482ec4/briggs_and_stratton_18_hp_v_twin_parts.pdf
  • https://4095172d-bd2f-4181-91d7-dd424e653400.filesusr.com/ugd/df73ab_f87a5f64bf094dc69e23fda9042cecbb.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/

Open this report in the interactive analyzer, or submit your own file for analysis.