Malicious PDF — malware analysis report

Heuristics 6

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• QR-code redirect lure medium SE_QR_LURE
  Document instructs the user to scan a QR code with a phone — consistent with QR phishing, but also common in legitimate documents
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://allytemp.ru/pbw?utm_term=dead+target+redeem+code+generator+for+android+phone

  • https://finibolamojirum.weebly.com/uploads/1/3/5/3/135341575/e6d53698c241d60.pdf
  • https://jitoxazenop.weebly.com/uploads/1/3/4/5/134588357/780027.pdf
  • https://rojilijeliw.weebly.com/uploads/1/3/1/4/131409822/wupugejipitiled-gizidixo-gonatuz.pdf
  • https://cdn-cms.f-static.net/uploads/4490272/normal_605dacd0cef15.pdf
  • https://cdn-cms.f-static.net/uploads/4373997/normal_60358006ce1d6.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://wuwazilizos.pbworks.com/f/61581734260.pdf
  • https://uploads.strikinglycdn.com/files/e79f92eb-89a3-4f78-ada5-02267d72ea11/nail_salon_open_near_me_5_star.pdf
  • https://uploads.strikinglycdn.com/files/8bee4f8b-74b1-49f9-aecb-8acd046b65cc/rolasudixosijutuwunezu.pdf
  • https://uploads.strikinglycdn.com/files/75014ecc-4e9a-41fe-8bb0-d470b3511d45/kiwitopedijeweguve.pdf
  • http://sazupamufode.pbworks.com/f/45327580062.pdf
  • https://uploads.strikinglycdn.com/files/c3cd4317-d39d-4730-9143-80c959149871/altered_carbon_season_2_episode_4_plot.pdf
  • https://uploads.strikinglycdn.com/files/364c1e95-7177-4c1e-9d0f-88ac4ed55968/vixefox.pdf
  • http://pokuwatosat.pbworks.com/w/file/fetch/144438078/23198454251.pdf
  • http://nigezid.pbworks.com/f/gufudowisalavavaresexad.pdf
  • http://tazijebep.pbworks.com/f/best_buy_return_policy_without_receipt_gift.pdf
  • http://xojifot.pbworks.com/w/file/fetch/144413610/periodic_table_of_elements_symbols_and_names_quiz.pdf
  • http://fixiguru.pbworks.com/w/file/fetch/144436398/joxusivititabasatigemi.pdf
  • https://uploads.strikinglycdn.com/files/a2124c28-167e-4b55-a99e-145bda0bd859/what_is_the_easiest_english_bible_to_understand.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.