Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://vilenefex.ru/strik?utm_term=my+sony+tv+is+not+powering+on

  • https://static.s123-cdn-static.com/uploads/4491665/normal_5fc732f69bc3c.pdf
  • http://nipokaxa.getenjoyment.net/21477750098.pdf
  • http://pejazadajenatew.getenjoyment.net/mechanical_engineering_internships_summer_2020_chicago.pdf
  • http://bibivire.mygamesonline.org/piliwujuvovejufis.pdf
  • http://gupirigugorixuf.sportsontheweb.net/63631340362.pdf
  • http://formverifiedbadge.com/american_big_picture_a1hhv06.pdf
  • https://static.s123-cdn-static.com/uploads/4407813/normal_5ff9ca05465f8.pdf
  • http://silkhfig.bid/gowezixewetompg6z.pdf
  • http://srakan.space/i_am_the_messenger_markus_zusakt6lzd.pdf
  • http://vozobatenaw.mywebcommunity.org/contact_metamorphism.pdf
  • http://digitalliteracyinstitute.com/93675274501g2d20.pdf
  • http://nibelv.xyz/kenmore_series_500_washer_hot_water_not_working3cawy.pdf
  • https://cdn-cms.f-static.net/uploads/4416675/normal_6022058243956.pdf
  • http://larebalin.mypressonline.com/management_accounting_for_business_decisions_drury.pdf
  • https://cdn-cms.f-static.net/uploads/4365570/normal_60560dae56229.pdf
  • https://static.s123-cdn-static.com/uploads/4445871/normal_60023f4b90c07.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://bekusisit.atwebpages.com/41312903806.pdf
  • https://0315d410-4255-45a3-9477-873949dd02ac.filesusr.com/ugd/f85006_31a69b0346a94c31bcc0844047c1a95c.pdf?index=true
  • https://247e77cc-5367-4382-8586-7c5891409f42.filesusr.com/ugd/2dbf5a_11f1fb5552524d42aa9c963b019b2383.pdf?index=true
  • http://wutejaxevewef.myartsonline.com/bouwkunde_boeken.pdf
  • http://pabewuvuxaf.onlinewebshop.net/courage_brother_do_not_stumble.pdf
  • https://9005a25f-7293-4a73-bb0f-bc58e8c16807.filesusr.com/ugd/e3834b_81eb9fc2f1474a11b94bd6aca73d3111.pdf?index=true
  • http://nakeviw.myartsonline.com/3389114661.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.