Malicious PDF — malware analysis report

Static analysis result for SHA-256 501101f8428da6ed…

Verdict: MALICIOUS
File type: PDF
Size: 71.2 KB
Created: 2021-03-24 13:44:08 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c4d9e3ad7d70512de0c80b6fd32af819
SHA-1: 9c768a0ef2666af8b85d5d4821c959900d995e12
SHA-256: 501101f8428da6edd7dc6732feed3e21a31e4b8c1b19d61b7e37d9f06a433f8f
Risk score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript
  • T1203 Exploitation for Client Execution

The PDF carries a large number of clickable external links, and the critical heuristic classifies it as a PDF SEO link farm: a machine-generated document (the producer is wkhtmltopdf, an HTML-to-PDF converter) whose purpose is to rank in search results and route visitors onward rather than to convey content. The primary malicious URL, https://vilenefex.ru/strik, is reached with a utm_term query string carrying a product search phrase, the usual shape of an SEO-poisoning redirector; it is most likely used to serve a second-stage payload or to forward the visitor to a phishing page. The remaining links point at further PDFs on free web hosts and cloud storage (weebly.com, filesusr.com, strikinglycdn.com, s3.amazonaws.com), i.e. the rest of the farm. The ClamAV detection and the ML classifier score (0.9991) agree, consistent with a phishing or malware distribution campaign. Note that none of the five heuristics reports JavaScript, embedded files or exploit content: the T1059.007 and T1203 ATT&CK mappings are not backed by a concrete finding in this report, and the behaviour actually observed is link-based redirection.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (5)

  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [critical] CLAMAV_DETECTION: ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
    ClamAV detected this file as malware under the signature name above.
  • [info] PDF_URI: External URI
    The PDF contains an external URL action (/URI).
  • [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: Object number defined twice with different bodies
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates (a saved edit appends a new copy of the object), so severity is raised only when the duplicate carries active content such as a JavaScript, Launch or URI action.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The last seven entries (the w3.org, purl.org and ns.adobe.com URIs and scripts.sil.org/OFL) are XMP namespace identifiers from the metadata and, for the OFL link, typically the licence field of an embedded font; they are not clickable links.
    • https://vilenefex.ru/strik?utm_term=novatel+jetpack+mifi+6620l+battery (primary URL, see Malware Insights)
    • https://melukibe.weebly.com/uploads/1/3/0/8/130873851/wepiwibepawita.pdf
    • https://junafoxotoroj.weebly.com/uploads/1/3/0/7/130738975/297591.pdf
    • https://tedinuvade.weebly.com/uploads/1/3/4/3/134348171/7914545.pdf
    • http://tanubujurutemut.scienceontheweb.net/castrol_edge_turbo_diesel_titanium_fst_5w_40.pdf
    • https://kidamevu.weebly.com/uploads/1/3/1/4/131437276/cbb299aa0a.pdf
    • http://sokixatov.mywebcommunity.org/administracion_de_recursos_humanos_idalberto_chiavenato_libro.pdf
    • http://tibudirowe.mygamesonline.org/zimsec_o_level_biology_notes.pdf
    • http://gakagebir.mypressonline.com/7835214762.pdf
    • https://sigoberedida.weebly.com/uploads/1/3/4/5/134594083/tajapax_donotokipofadod.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/3cc58946-d31f-43f7-9953-35153a5a5573/singer_fashion_mate_7256_error_codes.pdf
    • https://s3.amazonaws.com/xumakomowi/betepebevagamuxokij.pdf
    • https://s3.amazonaws.com/pozokimepe/87899842987.pdf
    • https://s3.amazonaws.com/vobuturinivi/47554130016.pdf
    • https://s3.amazonaws.com/sinamozagemoger/18163712843.pdf
    • https://ec5c17a1-061e-4a2c-a9e6-b3561ba71229.filesusr.com/ugd/299074_a140a80eb6444779a9aaa3c3bcad887c.pdf?index=true
    • https://0fdd9f25-8366-4660-9463-376fd915ad39.filesusr.com/ugd/c16cf9_26f5b98d78aa416e958c846409f1814d.pdf?index=true
    • https://uploads.strikinglycdn.com/files/e0701dcd-dc4f-4251-9d39-53fc32e8b31a/xirunajewuzesolodona.pdf
    • https://s3.amazonaws.com/lerezazo/english_grammar_for_dummies_uk_edition.pdf
    • https://uploads.strikinglycdn.com/files/0ae1fbca-e684-403e-9b95-a5f27b9c6585/xupuwizaduvan.pdf
    • https://92fed17e-af34-466b-b3fe-38cd9ef27699.filesusr.com/ugd/192d58_3dc206ca936847629320437338f759ba.pdf?index=true
    • https://s3.amazonaws.com/jobavo/36223123688.pdf
    • https://uploads.strikinglycdn.com/files/4d708c82-9134-46b9-8b51-6b9dd34e70a3/43683218482.pdf
    • https://19eae752-0dc2-40b2-988a-3ead9c543f91.filesusr.com/ugd/dee0a8_330b2aeda5f04cccad2a00b1520a147e.pdf?index=true
    • https://s3.amazonaws.com/taguxif/tebaxiguxopanatujelobuxix.pdf
    • http://xowobovu.myartsonline.com/number_theory_divisibility_examples.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
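The two heuristics that carry the structural argument above, PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, can be re-derived with a raw-bytes scan in the style of pdfid/pdf-parser. The block below is an added example, not the analysis platform's own code: the thresholds (file size, minimum link count, share of links on one site) are assumptions, the "registrable domain" grouping is a two-label approximation, and the sample PDF it builds is constructed for the demonstration rather than taken from the analysed file. Objects packed inside /ObjStm are not decompressed, so they are not seen.

```python
"""Added triage example (not the platform's code): re-derive PDF_SEO_LINK_FARM and
PDF_DUPLICATE_OBJ_BODY_INCREMENTAL with a regex scan over the raw PDF bytes.
Pure stdlib. Limits: /ObjStm contents are not inflated; thresholds are assumptions."""
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Keys that make a duplicate body "active content" rather than a benign re-write.
ACTIVE_RE = re.compile(rb"/(JavaScript|JS|Launch|OpenAction|AA|SubmitForm|GoToR|URI)\b")


def iter_objects(data):
    """Yield (num, gen, body, offset) for every 'N G obj ... endobj' in file order."""
    for m in OBJ_RE.finditer(data):
        yield int(m.group(1)), int(m.group(2)), m.group(3), m.start()


def extract_uris(data):
    """All /URI (...) literal strings, with the three common escapes undone."""
    out = []
    for _, _, body, _ in iter_objects(data):
        for m in URI_RE.finditer(body):
            s = m.group(1).replace(b"\\(", b"(").replace(b"\\)", b")").replace(b"\\\\", b"\\")
            out.append(s.decode("latin-1"))
    return out


def site_key(url):
    """Approximate registrable domain (last two labels). A real deployment would use
    the public suffix list so that hosts under e.g. co.uk group correctly."""
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def link_farm_score(data, min_links=10, max_size=200_000, cluster_ratio=0.5):
    """Small file + many external links + most of them on one site => link farm."""
    uris = [u for u in extract_uris(data) if u.lower().startswith(("http://", "https://"))]
    sites = Counter(site_key(u) for u in uris)
    top_site, top_count = sites.most_common(1)[0] if sites else ("", 0)
    share = round(top_count / len(uris), 2) if uris else 0.0
    details = {"size": len(data), "external_links": len(uris),
               "top_site": top_site, "top_site_share": share}
    is_farm = len(data) <= max_size and len(uris) >= min_links and share >= cluster_ratio
    return is_farm, details


def duplicate_objects(data):
    """Objects defined more than once with differing bodies, plus whether the body a
    first-wins reader and a last-wins reader would each resolve carries active content."""
    defs = defaultdict(list)
    for num, gen, body, off in iter_objects(data):
        defs[(num, gen)].append((off, body.strip()))
    findings = []
    for key, variants in defs.items():
        if len({b for _, b in variants}) < 2:
            continue  # identical re-definitions are noise, not parser confusion
        first_active = bool(ACTIVE_RE.search(variants[0][1]))
        last_active = bool(ACTIVE_RE.search(variants[-1][1]))
        findings.append({"obj": key, "definitions": len(variants),
                         "offsets": [off for off, _ in variants],
                         "first_wins_active": first_active, "last_wins_active": last_active,
                         # benign incremental updates rewrite bodies too: raise only for active content
                         "severity": "high" if (first_active or last_active) else "info",
                         "incremental_updates": max(data.count(b"%%EOF") - 1, 0)})
    return findings


def build_sample_pdf():
    """CONSTRUCTED sample, not the analysed file: ten link annotations, eight of them
    on subdomains of one site, and object 14 (the /OpenAction target) defined a second
    time in an incremental update, now with a JavaScript body."""
    names = ["alpha", "bravo", "charlie", "delta", "echo", "foxtrot", "golf", "hotel"]
    links = [f"https://{n}.example-host.test/uploads/{i}.pdf" for i, n in enumerate(names)]
    links += ["https://c2.example-other.test/strik?utm_term=product+query",
              "http://cdn.example-third.test/guide.pdf"]
    objs = {1: b"<< /Type /Catalog /Pages 2 0 R /OpenAction 14 0 R >>",
            2: b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
            3: b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots ["
               + b" ".join(b"%d 0 R" % (4 + i) for i in range(len(links))) + b"] >>",
            14: b"<< /S /GoTo /D [3 0 R /Fit] >>"}  # benign first definition
    for i, url in enumerate(links):
        objs[4 + i] = (b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                       b"/A << /S /URI /URI (" + url.encode() + b") >> >>")
    pdf = b"%PDF-1.4\n" + b"".join(b"%d 0 obj\n%s\nendobj\n" % (n, objs[n]) for n in sorted(objs))
    pdf += b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    # Incremental update: same object number and generation, different body, active content.
    pdf += b"14 0 obj\n<< /S /JavaScript /JS (app.alert\\(1\\)) >>\nendobj\n"
    pdf += b"trailer\n<< /Root 1 0 R /Prev 9 >>\n%%EOF\n"
    return pdf


if __name__ == "__main__":
    sample = build_sample_pdf()
    print(link_farm_score(sample))
    for finding in duplicate_objects(sample):
        print(finding)
```

On the constructed sample a first-wins reader resolves the benign GoTo action for object 14 while a last-wins reader resolves the JavaScript action, which is exactly the split the heuristic describes; the single incremental update (one extra %%EOF) is what makes the duplicate look like an ordinary saved edit. Run it against a real file with `link_farm_score(open(path, "rb").read())`, and treat the URI extraction as best-effort: hex-string URIs and /ObjStm-packed annotations need a full parser such as pdfminer or pypdf.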

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                       Kind             Source                                     Size
font_00_sfnt_off0000d30b.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0xD30B  5820 bytes
  SHA-256: 1b951f814b8748128b8ab02ba1c17ef55671bfe9d6144809dbab41d346568339
font_01_sfnt_off0000e6ed.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0xE6ED  11456 bytes
  SHA-256: 6ef23a9341aac7d21c4a79728937eeff382d901f15a27a9d4a57180e0062778c

None of the heuristics above raises a finding on either font stream; embedded sfnt (TrueType/OpenType) fonts are normal in wkhtmltopdf output, and the two files are listed so that their hashes can be checked against known font binaries.
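To reproduce the artifact table above (object offset, decoded size and SHA-256 of each embedded sfnt font), the block below inflates every FlateDecode stream whose /Length is a direct integer, keeps the ones that start with an sfnt magic, and reports the same fields. It is an added example, not the platform's carving code: the sample PDF it builds is constructed for the demonstration (a fake 128-byte TrueType header with two table records), and a stream whose /Length is an indirect reference or whose stream dictionary contains a nested dictionary is skipped rather than resolved.

```python
"""Added example (not the platform's carving code): carve embedded sfnt fonts from
a PDF and report object offset, decoded size and SHA-256. Pure stdlib."""
import hashlib
import re
import zlib

# 'N G obj << dict >> stream\n' where the dict may not cross an endobj; nested
# dictionaries inside the stream dict are not handled (non-greedy match stops early).
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\s*(<<(?:(?!endobj).)*?>>)\s*stream(?:\r\n|\n)", re.S)
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?!\s+\d+\s+R)")  # direct integer /Length only
SFNT_MAGICS = {b"\x00\x01\x00\x00": "TrueType", b"true": "TrueType (Mac)",
               b"OTTO": "OpenType/CFF", b"ttcf": "TrueType collection"}


def carve_sfnt_fonts(data):
    """Return one dict per stream whose (decoded) payload starts with an sfnt magic."""
    found = []
    for m in OBJ_RE.finditer(data):
        stream_dict = m.group(3)
        lm = LENGTH_RE.search(stream_dict)
        if not lm:
            continue  # indirect /Length would need xref resolution
        raw = data[m.end():m.end() + int(lm.group(1))]
        if b"/FlateDecode" in stream_dict:
            try:
                raw = zlib.decompress(raw)
            except zlib.error:
                continue  # truncated or foreign filter chain
        kind = SFNT_MAGICS.get(raw[:4])
        if kind:
            found.append({"obj": (int(m.group(1)), int(m.group(2))), "offset": m.start(),
                          "kind": kind, "size": len(raw),
                          "num_tables": int.from_bytes(raw[4:6], "big"),
                          "sha256": hashlib.sha256(raw).hexdigest()})
    return found


def stream_obj(num, extra, payload):
    """Serialise one stream object with a direct /Length."""
    return (b"%d 0 obj\n<< /Length %d%s >>\nstream\n" % (num, len(payload), extra)
            + payload + b"\nendstream\nendobj\n")


def build_sample_pdf():
    """CONSTRUCTED sample: an uncompressed content stream, a FlateDecode'd fake TrueType
    sfnt (valid offset table, two table records, dummy table bytes) and a compressed
    stream that is not a font."""
    # sfnt offset table: version 0x00010000, numTables=2, searchRange=32, entrySelector=1, rangeShift=0
    font = bytearray(b"\x00\x01\x00\x00\x00\x02\x00\x20\x00\x01\x00\x00")
    for tag, off, length in ((b"head", 44, 54), (b"name", 98, 30)):
        font += tag + b"\x00\x00\x00\x00" + off.to_bytes(4, "big") + length.to_bytes(4, "big")
    font += bytes(84)  # dummy table bytes so the offsets above stay in range (total 128)
    pdf = b"%PDF-1.4\n"
    pdf += b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    pdf += b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    pdf += b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Contents 4 0 R >>\nendobj\n"
    pdf += stream_obj(4, b"", b"BT /F1 12 Tf (hello) Tj ET")
    pdf += stream_obj(5, b" /Length1 %d /Filter /FlateDecode" % len(font), zlib.compress(bytes(font)))
    pdf += stream_obj(6, b" /Filter /FlateDecode", zlib.compress(b"not a font, just data"))
    pdf += b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    return pdf


if __name__ == "__main__":
    for font_info in carve_sfnt_fonts(build_sample_pdf()):
        print("obj %d %d at offset 0x%X: %s, %d tables, %d bytes, sha256 %s" % (
            *font_info["obj"], font_info["offset"], font_info["kind"],
            font_info["num_tables"], font_info["size"], font_info["sha256"]))
```

The offset reported is that of the `N G obj` header, which is how the filenames above (off0000d30b, off0000e6ed) are derived; hashing the inflated bytes rather than the raw stream is what lets the SHA-256 be compared against a reference copy of the font. On a real file, run `carve_sfnt_fonts(open(path, "rb").read())` and expect misses for fonts stored with an indirect /Length or inside object streams.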