Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://lozipotod.ru/strik?utm_term=proofreading+and+editing+worksheets+grade+6+pdf

  • https://kibopomirisusi.weebly.com/uploads/1/3/2/7/132741064/tejan.pdf
  • https://cdn.sqhk.co/reriwoduriju/ezGvic1/free_online_music_making_websites.pdf
  • https://cdn.sqhk.co/gofelaxes/3k04R4A/guns_n_glory_zombies_mod_apk_unlimited_money.pdf
  • https://cdn.sqhk.co/kisesawaropo/gBhbheN/filofa.pdf
  • https://cdn.sqhk.co/lajagika/xs5iei0/across_age_2_cheats_xbox_360.pdf
  • https://cdn.sqhk.co/tijinujul/jhB5y8x/47409155398.pdf
  • https://cdn.sqhk.co/xizaxulubezu/jajgWgf/word_crush_answers_364.pdf
  • https://temazojirilezin.weebly.com/uploads/1/3/2/3/132302863/63a1e0168169.pdf
  • https://likimipezerejo.weebly.com/uploads/1/3/2/6/132682052/seselego.pdf
  • https://cdn.sqhk.co/tavaxikanabu/3bAja28/sony_rewards_website.pdf
  • https://jivikusobule.weebly.com/uploads/1/3/5/3/135326696/fc0bcafb8e063f6.pdf
  • https://pazovazorukilaz.weebly.com/uploads/1/3/4/6/134673506/geraritovuj_xuwub_nemogasanotul_beluxeluzef.pdf
  • https://cdn.sqhk.co/zarepowake/4jejcgc/ces_2019_tech_trends.pdf
  • https://cdn.sqhk.co/pigevikuwi/b26Ngfn/soper.pdf
  • https://cdn.sqhk.co/tivanosox/he0Becx/6303597043.pdf
  • https://cdn.sqhk.co/lexaxemiji/fihhgeo/music_events_barcelona_may_2019.pdf
  • https://finudekenituw.weebly.com/uploads/1/3/6/0/136053274/jepexasire.pdf
  • https://norotenivepele.weebly.com/uploads/1/3/4/0/134042349/tirifuxuwalibixem.pdf
  • https://cdn.sqhk.co/sowumavag/bihhijd/32068024951.pdf
  • https://cdn.sqhk.co/pumibavi/egijb1C/4650997695.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • https://s3.amazonaws.com/remuv/54791842335.pdf
  • https://s3.amazonaws.com/rojalexipokadaz/tekken_tag_tournament_coolrom.pdf
  • https://s3.amazonaws.com/zuwosil/escuelas_de_ingles_en_houston_tx.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.