Malicious PDF — malware analysis report

Static analysis result for SHA-256 590cfde8e7fd3613…

Verdict: MALICIOUS
File type: PDF
Size: 98.9 KB
Created: 2021-05-11 18:50:07 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: f6f5d5953b80a167c645704733376698
SHA-1: 68769f103a49c20e53f355fb58cdae635f7a3ee0
SHA-256: 590cfde8e7fd3613157771d187d7d74bacba01f8e68d41a89d1e2bad452db31c
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a large number of external links, many of which are SEO-optimized and point to other PDFs, suggesting a link farm or content-spinning operation. One prominent URL, https://fokemale.ru/strik, is likely the primary malicious destination. ClamAV and ML classifiers also flagged this PDF as malicious, specifically as a phishing trojan.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9998

Heuristics (5)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://fokemale.ru/strik?utm_term=what+is+the+difference+between+shark+lift+away+and+powered+lift+away

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00014348.bin (SHA-256 66d74454a8d9ded00c34b65339a41eac8a441e9ad1e60a214561738ff73cff71) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14348 | 5652 bytes
font_01_sfnt_off0001569a.bin (SHA-256 8ba0c6fedc268a10e23993ab4b669d64076329ef8822dbfec649dea8756c7d34) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1569A | 11432 bytes