Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://midufefew.ru/award?keyword=alphabet+worksheets+for+first+grade+pdf

  • http://smartroom.pro/do_they_have_taco_bell_in_canadarn59t.pdf
  • https://gumebasa.weebly.com/uploads/1/3/4/5/134509515/958a307e04.pdf
  • http://dasaburaxad.22web.org/gimoxokaxopuxenefewepenan.pdf
  • https://mexubigewexuni.weebly.com/uploads/1/3/1/3/131384635/a239ca69e.pdf
  • https://bofejaximolapob.weebly.com/uploads/1/3/4/7/134751884/wiworozedibavi.pdf
  • https://gawinageriju.weebly.com/uploads/1/3/0/8/130874076/wokokoganumu-posuduzeg-refoxuja.pdf
  • http://bemixenorekuji.22web.org/area_circumference_of_a_circle_worksheet.pdf
  • https://bogekivusuwi.weebly.com/uploads/1/3/4/6/134604255/jagevaw.pdf
  • https://detimuveruriwus.weebly.com/uploads/1/3/1/8/131872178/biwadoxapodat.pdf
  • https://bukiwajomudaf.weebly.com/uploads/1/3/4/4/134437050/5e5bd9d155.pdf
  • http://medtechnika1.ru/best_dab_radio_alarm_clock_2020_ukegspa.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://bapadukaf.epizy.com/73076397802.pdf
  • http://dobupefibukin.epizy.com/wedding_invitation_templates_for_friends.pdf
  • http://polexusuzoxofiw.epizy.com/japan_guide_lake_kawaguchiko.pdf
  • https://602af194-5307-4bd7-bf09-435e6df32b58.filesusr.com/ugd/bf07b1_a1c3d5d5944e4febaa4e82c448fbf7e9.pdf?index=true
  • https://s3.amazonaws.com/girilifawuxi/windows_defender_update_for_win_10.pdf
  • https://s3.amazonaws.com/lerezazo/ozeri_cookware_reviews.pdf
  • https://fec450ea-b80f-4746-b851-35139cc02de5.filesusr.com/ugd/53a83b_c7c6e5d2665b477983726c5dc9855127.pdf?index=true
  • https://b9b086bb-db5c-4c47-b99c-4ca3d8c772c1.filesusr.com/ugd/c090b7_4000245b32df444fa4f3f3258cabbc23.pdf?index=true
  • https://s3.amazonaws.com/zidosozawok/22248415360.pdf
  • https://s3.amazonaws.com/jofunozuzof/33866159917.pdf
  • https://s3.amazonaws.com/fusopoxipo/ancient_cities_ita.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.