Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://crysiq.ru/pbw?utm_term=second+waltz+shostakovich+piano+sheet+music+pdf+free

  • https://cdn-cms.f-static.net/uploads/4474191/normal_600b95e61c0fd.pdf
  • https://cdn-cms.f-static.net/uploads/4501482/normal_606bc0f8329b9.pdf
  • https://cdn-cms.f-static.net/uploads/4492580/normal_604f9028631d4.pdf
  • https://cdn-cms.f-static.net/uploads/4403271/normal_60256bd37cd51.pdf
  • https://static.s123-cdn-static.com/uploads/4413735/normal_5fcf5887d8aab.pdf
  • https://cdn-cms.f-static.net/uploads/4462985/normal_6052832ebfca2.pdf
  • https://static.s123-cdn-static.com/uploads/4403428/normal_60021b5aeca55.pdf
  • https://lufaranari.weebly.com/uploads/1/3/4/6/134689474/tazogeniwefanes-faluz.pdf
  • https://static.s123-cdn-static-d.com/uploads/4372681/normal_60b63b3459cca.pdf
  • https://bajerezera.weebly.com/uploads/1/3/4/0/134016740/2c8f5.pdf
  • https://cdn-cms.f-static.net/uploads/4494165/normal_5fdad4f841100.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://wenitat.pbworks.com/w/file/fetch/144552483/5704333471.pdf
  • https://uploads.strikinglycdn.com/files/290c6c1e-b664-4da4-9b5f-18aedf2c4228/summoners_rift_map_download.pdf
  • https://uploads.strikinglycdn.com/files/d1e712bd-1eb8-474a-8038-7825bd507c38/themes_in_the_tempest_act_1_scene_2.pdf
  • https://uploads.strikinglycdn.com/files/10ea5b54-69b6-41a2-bd45-80002f784728/99937775998.pdf
  • https://uploads.strikinglycdn.com/files/faf0e6a0-770f-4bbd-989f-019f3058a87c/fondos_de_pantalla_en_movimiento_para_android_anime.pdf
  • http://gibuwodebu.pbworks.com/f/fox_business_app_for_tv.pdf
  • http://jesababa.pbworks.com/w/file/fetch/144413424/13442655968.pdf
  • https://uploads.strikinglycdn.com/files/e8710696-bd19-4168-9464-2a8c93778098/how_to_reject_someone_without_hurting_him.pdf
  • https://uploads.strikinglycdn.com/files/6d65e3a7-0a01-4ab1-ac0d-49eb0672322b/what_causes_high_blood_pressure_youtube.pdf
  • https://uploads.strikinglycdn.com/files/b93bbe95-9633-4ce3-a1e8-7cee7b73731f/84130127305.pdf
  • https://uploads.strikinglycdn.com/files/9f8bfb35-fee3-454a-8db0-6eed9d2f248d/aprender_a_leer_la_baraja_espaola_ola_gratis.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.