Malicious PDF — malware analysis report

Static analysis result for SHA-256 49e02efb6dc11172…

Verdict: MALICIOUS
File type: PDF
Size: 84.3 KB
Created: 2021-04-04 23:58:22 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: ba2ad005f11dc02720140827dffe9ac7
SHA-1: dcc7982468201a6909f64e225de9f25ae26eff5c
SHA-256: 49e02efb6dc1117209818c93adc8346da91ba8513802664500664a6e795ef3e1
Risk score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

The PDF carries a large number of external links and is classified as a link farm, a pattern used for SEO manipulation and phishing. The ClamAV signature (Pdf.Phishing.Trojan) and the ML classifier (malicious score 0.9997) both indicate malicious intent. No JavaScript or other script content was extracted, so the T1059.007 mapping is not supported by the static findings; the document structure, the wkhtmltopdf producer string typical of generated HTML-to-PDF carriers, and the volume of external PDF URLs point instead to an attempt to route users into attacker-controlled download chains. One object is also defined twice with different bodies, which different readers may resolve differently; see the heuristics below.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (5)

  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [critical] CLAMAV_DETECTION: ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • [info] PDF_URI: External URI
    PDF contains an external URL action.
  • [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: Object number defined twice with different bodies
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content (a link, script or launch action).
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://nipisod.ru/aws?utm_term=how+to+align+zebra+printer
    • http://bioforce-co.site/how_to_prevent_beach_erosion_in_maldives8sg8r.pdf
    • https://static.s123-cdn-static.com/uploads/4476288/normal_5fffe8f6e38b7.pdf
    • http://retys.fun/12869336579zlp0w.pdf
    • https://cdn-cms.f-static.net/uploads/4500878/normal_60585b7839923.pdf
    • http://grantmedica.ru/anime_slayer_ipa7bti6.pdf
    • https://cdn-cms.f-static.net/uploads/4365662/normal_60342e4b2e0ea.pdf
    • https://static.s123-cdn-static.com/uploads/4478928/normal_5fe5a4487dcab.pdf
    • https://cdn-cms.f-static.net/uploads/4412164/normal_60134b391ab5b.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://9505ca4c-dfdc-4941-8fde-ded35496d0c9.filesusr.com/ugd/2097ab_b59720dc11aa49e5bc802a41f3081e00.pdf?index=true
    • https://3a988cde-8684-4da7-9cc5-a1c078ef4475.filesusr.com/ugd/1f7474_a0a220eb55704be4a7a5a5e724e3af41.pdf?index=true
    • https://uploads.strikinglycdn.com/files/a044aec6-f7b9-4193-991a-9239b6a1ece8/mekala.pdf
    • https://s3.amazonaws.com/muvojugejoxip/zorojorederegisexigo.pdf
    • https://d6d3a1c5-32ce-46e9-ae92-c5b8d84d65d9.filesusr.com/ugd/a3b54b_933a594c895d43fc8f389c9f9da9d98b.pdf?index=true
    • https://f6142301-0c02-44dd-b2c5-62cf9b3cd0dc.filesusr.com/ugd/ebfdba_1c45596c9f3a483889f552bb05441e85.pdf?index=true
    • https://s3.amazonaws.com/jojitagifuva/elasticity_and_anelasticity_of_metals.pdf
    • https://s3.amazonaws.com/vobuturinivi/04_dodge_ram_1500_5.7_specs.pdf
    • https://uploads.strikinglycdn.com/files/7713d5b4-9a7b-45f8-b570-69eed01a1796/how_to_setup_netgear_ac1750_wifi_cable_modem_router.pdf
    • https://d3919fa5-c020-464c-a773-72e456e10464.filesusr.com/ugd/29136f_1d17ef44b4554d76a35472ef7500deed.pdf?index=true
    • https://907864b8-ab38-4b43-b195-7646ee37c451.filesusr.com/ugd/c4b402_5c2c890992c542559d7e27ba8346b0f6.pdf?index=true
    • https://s3.amazonaws.com/zafirawit/elementor_pro_ecommerce_templates.pdf
    • https://a2c67b61-a01d-4053-b7ad-f1487bca8054.filesusr.com/ugd/24853a_168b43a11b3d4668a6777f7a9c92702e.pdf?index=true
    • https://74fc1a11-d445-4ffb-bc6b-7a79e5a65a18.filesusr.com/ugd/097bd5_2e5e7d29c7a343d6a1312ca40230ca2a.pdf?index=true
    The remaining seven entries are XMP/RDF namespace identifiers from the document metadata and the SIL Open Font License URL from the embedded font metadata, not clickable links:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
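
To show how the PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL heuristics above can be reproduced offline, here is an added Python example; it is not part of the original report or of the scanner that produced it. It builds a constructed sample PDF inline (nine link annotations, seven on one host, followed by an incremental update that redefines one annotation object with a different target), then runs a link-farm check and a duplicate-object check over it. The host names, the size and count thresholds, and the ACTIVE_KEYS list are assumptions chosen for the example; the regex-based object scanner only handles literal /URI strings without nested parentheses and does not decode object streams, so it is a teaching model of the heuristic, not a full parser.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Assumed keys that make a re-defined object "active" (link, script or launch
# behaviour) rather than a benign incremental edit of text or metadata.
ACTIVE_KEYS = (b"/URI", b"/JS", b"/JavaScript", b"/Launch", b"/AA", b"/OpenAction")

# Indirect object definitions in file order: "N G obj ... endobj".
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# /URI literal strings; nested or escaped parentheses are not handled here.
URI_RE = re.compile(rb"/URI\s*\(([^()]*)\)")


def build_sample_pdf() -> bytes:
    """Constructed sample, not the analysed file: one page with nine link
    annotations (seven on one host), followed by an incremental update that
    redefines annotation object 5 0 with a different target URL."""
    hosts = ["farm.example"] * 7 + ["cdn-a.example", "cdn-b.example"]
    urls = [f"http://{h}/doc_{i}.pdf" for i, h in enumerate(hosts)]
    annot_refs = b" ".join(b"%d 0 R" % (5 + i) for i in range(len(urls)))
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [" + annot_refs + b"] >> endobj",
        b"4 0 obj << /Producer (constructed sample) >> endobj",
    ]
    for i, url in enumerate(urls):
        objs.append(
            b"%d 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
            b"/A << /S /URI /URI (%s) >> >> endobj" % (5 + i, url.encode())
        )
    original = b"%PDF-1.4\n" + b"\n".join(objs) + b"\ntrailer << /Root 1 0 R >>\n%EOF\n"
    # Incremental update appended after the first %EOF: object 5 0 again,
    # same shape, different /URI. A first-wins reader follows the original
    # target, a last-wins reader follows this one.
    update = (
        b"5 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
        b"/A << /S /URI /URI (http://swapped.example/late.pdf) >> >> endobj\n"
        b"trailer << /Root 1 0 R >>\n%EOF\n"
    )
    return original + update


def scan_objects(data: bytes):
    """Every indirect object definition in file order as (num, gen, body);
    duplicates are kept rather than merged so we can compare them."""
    return [(int(m.group(1)), int(m.group(2)), m.group(3).strip())
            for m in OBJ_RE.finditer(data)]


def extract_uris(data: bytes):
    """All /URI action targets found anywhere in the file, including ones
    only reachable through a superseded object definition."""
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(data)]


def link_farm_verdict(data: bytes, max_size=200_000, min_links=8, min_top_share=0.5):
    """Small file, many external links, most of them on one host."""
    uris = extract_uris(data)
    hosts = Counter(urlparse(u).hostname or "" for u in uris)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / len(uris) if uris else 0.0
    return {
        "size": len(data),
        "links": len(uris),
        "top_host": top_host,
        "top_share": round(share, 2),
        "link_farm": len(data) <= max_size and len(uris) >= min_links and share >= min_top_share,
    }


def duplicate_objects(data: bytes):
    """Objects whose (num, gen) is defined more than once with differing bodies.
    'active' is raised when any definition carries link/script/launch keys."""
    seen = {}
    for num, gen, body in scan_objects(data):
        seen.setdefault((num, gen), []).append(body)
    findings = []
    for (num, gen), bodies in seen.items():
        if len(set(bodies)) > 1:
            findings.append({
                "obj": f"{num} {gen}",
                "definitions": len(bodies),
                "first_wins": bodies[0],
                "last_wins": bodies[-1],
                "active": any(k in b for b in bodies for k in ACTIVE_KEYS),
            })
    return findings


if __name__ == "__main__":
    sample = build_sample_pdf()
    print(link_farm_verdict(sample))
    for finding in duplicate_objects(sample):
        print(finding["obj"], "defined", finding["definitions"], "times; active:", finding["active"])
```

On the constructed sample the link-farm check reports ten /URI targets with 70% on one host and flags it, and the duplicate check reports object `5 0` defined twice with an active body. On a real sample, pair this with a proper parser (xref and object-stream aware) before trusting object-level conclusions, since a regex pass sees bytes, not the object graph a reader resolves.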

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00010e3c.bin
  SHA-256: fd0e775a62278a331c38923ea1e1a128a938f757c460c2d6597e21218e52568d
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x10E3C
  Size: 5052 bytes

Filename: font_01_sfnt_off00011f93.bin
  SHA-256: 2ce1171648af480d4152d8ce830ff53e8953ffdb608f52ce88bc36bcf3273b15
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x11F93
  Size: 10708 bytes