Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://golowaki.ru/strik?utm_term=introduction+to+old+testament+theology+pdf PDF link annotation

  • https://gatokoliza.weebly.com/uploads/1/3/0/7/130739470/nomafex.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4384484/normal_6044a094ad407.pdfIn PDF document text
  • https://donaxitod.weebly.com/uploads/1/3/4/6/134688316/9533040.pdfIn PDF document text
  • https://fuzujaloxoz.weebly.com/uploads/1/3/4/6/134684853/wupimepufabage-ligilirudeje.pdfIn PDF document text
  • https://luwojasog.weebly.com/uploads/1/3/1/3/131380471/8055890.pdfIn PDF document text
  • https://badipixurer.weebly.com/uploads/1/3/4/4/134456466/wufafuwelexemesu.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4418590/normal_5feef0e8e81f3.pdfIn PDF document text
  • https://fosezuwupilure.weebly.com/uploads/1/3/4/1/134132817/leronokola_nujat.pdfIn PDF document text
  • https://lilafigofuku.weebly.com/uploads/1/3/1/3/131398347/pikepetako.pdfIn PDF document text
  • https://sojisesoto.weebly.com/uploads/1/3/1/4/131437607/249de780cb2f37.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/2031897e-c545-4713-af31-738783b8b984/38115322350.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/53a6a0a3-d88f-4216-b193-902b769fc3d5/lg_tv_not_connecting_to_bluetooth_headphones.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b08fa427-3805-4595-a0ed-76602fef606a/peerless_transmission_parts.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/bef03ca8-dfdb-4537-a358-8ec8fa3b96dd/sexidulixer.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/76b32d2c-6774-485c-8aad-aeb6716cc757/lunarawajoro.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/9a9e61ad-a79b-460c-8968-738079a52955/simplicity_broadmoor_hydro_14_parts.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2bc3055b-8838-496a-bbaf-e3359a812d8c/how_to_open_timex_indiglo_watch.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/8e2a8a5e-afe9-4123-81e2-d4d6e5556531/how_to_reset_honeywell_th5220d1003.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b81edf65-49b1-4c0a-9a73-bdfd20e346a1/vogadezedokidena.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2e7b47fd-65dc-48c2-b3b1-b71ba2458860/zagg_rugged_book_wont_turn_on.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/7d2a4513-ec85-49dc-b606-356165d4b3dc/clash_of_clans_hack_private_server_2019.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/ee1b3310-ef83-4343-a771-78ea1720db6a/47579573452.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/bfe64aca-093d-4a6c-a50a-3c22d3c877b5/how_to_calculate_uncertainty_of_measuring_cylinder.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.