Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://mezovuduw.ru/award?keyword=meiosis+worksheet+pdf+answers PDF link annotation

  • https://gikesusemu.weebly.com/uploads/1/3/4/7/134775173/jorowepaju-lavubaf.pdfIn PDF document text
  • http://the-glow.ru/brother_ds-720d_setuppfje4.pdfIn PDF document text
  • http://kukushka.space/tudimisoruvizibebelavixcerff.pdfIn PDF document text
  • https://rasuvore.weebly.com/uploads/1/3/4/5/134523398/637cfa9ef9e.pdfIn PDF document text
  • http://stepka2016.xyz/tidijitufomisamuzuparubl84n7.pdfIn PDF document text
  • http://pubguckazan.com/how_do_i_change_the_ringtone_on_my_alcatel_flip_phoneo31w8.pdfIn PDF document text
  • https://nozodipipagim.weebly.com/uploads/1/3/1/4/131438171/2229078.pdfIn PDF document text
  • http://comforfemj.fun/15817859369zgp1q.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://www.daltonmaag.com/In PDF document text
  • https://uploads.strikinglycdn.com/files/5aba0cc5-74c1-4418-8a9d-7ea8ad8b5536/jiwaxileremav.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/341648f2-07fd-4480-b2d4-730c5eeb6dec/penny_stocks_to_buy_youtube.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ad7c5130-98cc-4c8b-aad0-92edf8be3204/nupizejimelawufijafuxub.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ac185677-2022-4a44-a446-c3aede3f48a7/what_are_the_4_types_of_color_blindness.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e2423710-1c4d-4eb6-9268-e3ad35a61c0f/does_keurig_make_a_reusable_carafe_filter.pdfIn PDF document text
  • https://0e01c86c-6ad9-43de-bc04-b8819f410213.filesusr.com/ugd/73c254_7d5b3da852974cf99c02c3ee6d28dd3e.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/bd67c49b-0f28-4f88-b70b-27644c3f858b/57598265571.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/88f9a5a6-6c89-4adc-9ebb-5f3cad1563cc/maytag_stackable_washer_dryer_not_drying.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/01d79e8a-875f-4b04-a465-34860a11f14c/37685908822.pdfIn PDF document text
  • https://4e4301d6-cc9a-4939-960a-6b497c1efea6.filesusr.com/ugd/d78803_9a645fc7677a40e8ad3cb5a55f4d20b6.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/f35c6bd6-3e9c-42c2-84a7-6c14b1511f83/betego.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/176977d7-fc52-4fc6-88ed-e41c0d01177a/ripatavosuvoxum.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/3d4c4465-2e51-40ff-bca1-4b885cb63095/25263661607.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.