Malicious PDF — malware analysis report

Static analysis result for SHA-256 56c515702c145087…

Verdict: MALICIOUS
File type: PDF

Size: 85.8 KB | Created: 2021-03-29 00:21:30 +03:00 | Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7) | First seen: 2021-09-13
MD5: f0df9b7412892891bc7952418efe7c1d
SHA-1: 05d63ec97a4fad2356e0aaa3c843ed65d6c5f507
SHA-256: 56c515702c145087dcdd93f2e7841be904f5bd40cdddf8b9b51df4dc505e6c6d
Risk Score: 176

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains numerous links designed to create an SEO link farm, with a high-risk lure for remote support tools. One of the primary external links, https://jacksth.ru/123?utm_term=plugin.+video.+ccloudtv+tv+zip, is identified as a redirector for a free-download phishing scheme. While no scripts were directly extracted, the PDF structure and heuristics suggest an attempt to trick users into downloading and potentially executing malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9955

Heuristics (6)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Image lure linking to an SEO redirector (free-download phishing) (severity: high, rule: PDF_SEO_UTM_REDIRECTOR_LINK)
    PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
  • Remote-support tool lure (severity: high, rule: SE_REMOTE_SUPPORT_LURE)
    Document instructs the user to install, open, or connect with a remote-support tool such as AnyDesk, TeamViewer, Quick Assist, or ScreenConnect. This is high-risk in an unsolicited document.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://jacksth.ru/123?utm_term=plugin.+video.+ccloudtv+tv+zip (PDF link annotation)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://uploads.strikinglycdn.com/files/29d70cfb-110b-4c55-b63c-18fd327d531b/how_to_train_your_dragon_3_4k_download.pdf (in PDF document text)
    • https://s3.amazonaws.com/kujapomib/50474786871.pdf (in PDF document text)
    • https://s3.amazonaws.com/gomaxod/brastemp_inverse_manual_de_instrues.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/96e2ba0f-8ed3-42fd-9fd1-ea90f05f919d/gokefu.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/bafe5043-e940-49c8-a02f-50cf08991a1f/my_60_memorable_games_chessgames.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/3c4fbd9c-5057-4848-a2f5-a466049a015f/fidigivixo.pdf (in PDF document text)
    • https://5e9816b5-e261-4a84-a5c7-594b6999e1c8.filesusr.com/ugd/eb2f7d_fddb370cf5e74ae99af2adeb242e0499.pdf?index=true (in PDF document text)
    • https://uploads.strikinglycdn.com/files/0dd79bc4-e5a5-4aff-a836-826210875911/nodozimijizologi.pdf (in PDF document text)
    • https://s3.amazonaws.com/naxizugenabi/582470962.pdf (in PDF document text)
    • https://11f44e1d-c86f-4be6-baa1-90970e7c24f5.filesusr.com/ugd/a298ce_cc57f0afc6e44fa1a02be78bb4bce400.pdf?index=true (in PDF document text)
    • https://uploads.strikinglycdn.com/files/3906c55d-3523-4c96-a148-5050b4807152/35672891258.pdf (in PDF document text)
    • https://s3.amazonaws.com/vavejijitatofu/inner_join_vs_cartesian_product_performance.pdf (in PDF document text)
    • https://4b0cdf75-2e42-4830-99f1-bbdbaec3f661.filesusr.com/ugd/891219_a159983c51ee47d6969f6cb750793b31.pdf?index=true (in PDF document text)
    • https://s3.amazonaws.com/numunenoji/stone_soup_recipe_with_ground_beef.pdf (in PDF document text)
    • https://s3.amazonaws.com/xilasisefi/64026535140.pdf (in PDF document text)
    • https://070488ba-e3d9-4c74-834b-445551f5513c.filesusr.com/ugd/fb83f1_5e2647ba4fd64b69935e692d8e435b6c.pdf?index=true (in PDF document text)
    • https://uploads.strikinglycdn.com/files/bad578b1-cb7b-4862-8d77-9dddf1f5b785/31852684333.pdf (in PDF document text)
    • https://46fb9a51-9e16-4ad8-811e-2f7ed01702f7.filesusr.com/ugd/53363c_ee87dba443a9496e984e9335b98053d4.pdf?index=true (in PDF document text)
    • https://s3.amazonaws.com/tezude/vexcode_iq_blocks.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/4345cab6-0ca4-47dd-a08e-b211733c5c52/zeradajowik.pdf (in PDF document text)
    • https://s3.amazonaws.com/povodijirig/whats_in_steak_tartare.pdf (in PDF document text)
    • https://s3.amazonaws.com/piwupevivotixi/spotify_on_cellular_data.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/4902b16a-f6d7-4b09-a449-02fdef846978/jevixapawagezakejiwu.pdf (in PDF document text)
    • https://s3.amazonaws.com/daraniwekamidir/razas_de_caballos_de_carreras.pdf (in PDF document text)
    • https://s3.amazonaws.com/nevowimo/vidmate_old_version_2019_apk.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/37f93fcb-160d-4dd1-9a80-352714e16c63/elements_of_music_terms_and_its_meaning.pdf (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)
    • http://dejavu.sourceforge.net (in PDF document text)
    • http://dejavu.sourceforge.net/wiki/index.php/License (in PDF document text)

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off0000fa39.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFA39 | 4900 bytes
  SHA-256: 074c1c6f4d1e5d04cb64b5fa09d4b65a11c5fbc3723a991de2c6992e8da97ffc
font_01_sfnt_off00010b1b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10B1B | 11856 bytes
  SHA-256: a9609e55aec8b93c6e62a8c330da0186644894b2fb4f3093d1d22b70bdd1cb10
font_02_sfnt_off0001336e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1336E | 16360 bytes
  SHA-256: 8ac10008199be03b895b2b96996fc90cb6f223b5720e384a28c19ba531b32114