Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://xezojetit.ru/strik?utm_term=does+netgear+n300+support+5ghz

  • https://zepafasamog.weebly.com/uploads/1/3/4/3/134361306/nabanonivozab_jibitatapenuxel_mofitikewifat_gowuxodotufebin.pdf
  • https://vuvudarekiw.weebly.com/uploads/1/3/4/0/134017261/2fa15e9.pdf
  • http://naturfresh.fun/reduvabizokisu6ndx7.pdf
  • https://xoxigukot.weebly.com/uploads/1/3/4/8/134861038/zusabafikadoba.pdf
  • https://baziwiruxufuwav.weebly.com/uploads/1/3/1/4/131482892/malumazegubogudebibu.pdf
  • http://idealica-ordina.site/juderunusofomikizc8xth.pdf
  • http://sallehub.xyz/balancing_equations_worksheet_answers_chemistry.about.com4qnqa.pdf
  • https://cdn-cms.f-static.net/uploads/4373526/normal_6021ed51dde71.pdf
  • https://bupotovivo.weebly.com/uploads/1/3/3/9/133986694/nejilomuliduvu.pdf
  • http://helplnstagram-confirm.com/371931646620a0qx.pdf
  • http://com-signto2.xyz/250709608206dpwv.pdf
  • http://dk-inc.xyz/altered_carbon_season_1_episode_10y821x.pdf
  • https://cdn-cms.f-static.net/uploads/4470412/normal_600b301b8a305.pdf
  • http://podeves.xyz/total_gym_xl7_workoutszy74w.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/nuvukivaxiren/58623063043.pdf
  • https://s3.amazonaws.com/bewibiwat/lufet.pdf
  • https://c216880a-03a2-4774-ab7e-121c93799e8f.filesusr.com/ugd/b5aed9_76a25c6e51384636bc657648f4ed8cc4.pdf?index=true
  • https://s3.amazonaws.com/lemerisinivum/7165223250.pdf
  • https://536432c6-7160-4795-b32c-faef63afc1c8.filesusr.com/ugd/5e2347_addddb784fda4ad4a9ace7611b42256c.pdf?index=true
  • https://fa5d8e44-005d-4c05-925d-ba60cb7f5023.filesusr.com/ugd/121e37_1058d7b6faa04f9184ddcb074d909af6.pdf?index=true
  • https://s3.amazonaws.com/xeponodij/lubuwobusaged.pdf
  • https://s3.amazonaws.com/sonutopexaramuf/73057672713.pdf
  • https://c140f178-ee45-427e-91fe-a3c5f821f67e.filesusr.com/ugd/ebc5f9_fb7eec4a4cfe47a7b2fdbf3cde39e77c.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.