Malicious PDF — malware analysis report

Static analysis result for SHA-256 4cd8fee7a2af97d8…

Verdict: MALICIOUS
File type: PDF
Size: 80.4 KB
Created: 2021-03-12 03:02:29 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 7f84ad98f38b65335f04950895b8858f
SHA-1: 70a68be8c687c4cb1612f395c685e25b1be24999
SHA-256: 4cd8fee7a2af97d88967cc2c4df2cb85faa95f1d7fa76032f478151a89387d26
Risk score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains numerous external links, a technique often used for SEO poisoning or phishing. The primary URL, https://xezojetit.ru/strik, suggests a malicious intent to redirect users to a potentially harmful site. The ML classifier and ClamAV detection strongly indicate malicious activity, likely related to phishing or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (5)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Primary URL: https://xezojetit.ru/strik?utm_term=kenmore+water+softener+repair+service

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000fc3b.bin
    SHA-256: 9a754f378104d2ea99dc421f760334368f76729b441b3fc25d16181728ae2b5b
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xFC3B
    Size: 5248 bytes
  • Filename: font_01_sfnt_off00010e1e.bin
    SHA-256: a687702fc86a3c01a5840177ec9f5ad3f8009a884cc82dd036e32b87a58816f2
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x10E1E
    Size: 11008 bytes