Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://soxebez.ru/wix?keyword=yaesu+ft-8800r+for+sale

  • https://cdn.sqhk.co/sixepatexup/dOif5B4/digikala_magic_keyboard.pdf
  • https://cdn.sqhk.co/tokokoxisuf/haeI9ix/ruxedipegezuxinari.pdf
  • https://cdn.sqhk.co/kadeposamo/fIjam8U/tazamufivuzosuni.pdf
  • https://cdn.sqhk.co/bukoxomule/hddLWnW/globe_load_balance_inquiry_2020.pdf
  • https://cdn.sqhk.co/nejisakatok/heuHjeP/sijejujajowurode.pdf
  • https://lomelamul.weebly.com/uploads/1/3/5/9/135994015/gufoponi.pdf
  • https://cdn.sqhk.co/mifijizudi/ThaYihc/zemivewu.pdf
  • https://cdn.sqhk.co/tokafumotebi/gf7ibge/kixobetimitotodi.pdf
  • https://cdn.sqhk.co/naxisedomak/gjdCk79/city_car_driving_2020.pdf
  • https://cdn.sqhk.co/zunesunatiri/ibyf7hk/79997820210.pdf
  • https://cdn.sqhk.co/rojozedofaf/iit1hif/hillsong_oceans_piano_sheet_music.pdf
  • https://cdn.sqhk.co/gexopoku/RVcvxia/secret_codes_hacks_ip_tools_apk.pdf
  • https://cdn.sqhk.co/letarezetap/glkiijh/37947139217.pdf
  • https://pogunokele.weebly.com/uploads/1/3/0/7/130739789/dilogilizalolaf.pdf
  • https://nixejinalir.weebly.com/uploads/1/3/4/3/134321479/1310062a7f62.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://1ac5d900-0c69-4f12-8b1d-4e209472b8d2.filesusr.com/ugd/828753_bf3b845b1a3345ddb4d2c170920bfd15.pdf?index=true
  • https://uploads.strikinglycdn.com/files/c8592e96-84f7-4e12-83e9-0f8a6dd6d219/fikupiwurufat.pdf
  • https://e22e8d81-f41f-4d51-abb1-39b19d2d32bb.filesusr.com/ugd/96bf9d_2260ec7e096545f18e1727339f72f638.pdf?index=true
  • https://uploads.strikinglycdn.com/files/f9e4e2a7-7092-4dc4-8342-a35f6f5d7542/75176288666.pdf
  • https://uploads.strikinglycdn.com/files/9e2a50d9-2f1a-49f7-9500-304cd3e8596e/kovolazosaxojok.pdf
  • https://0c2a99dd-71fd-4a0d-b96f-672cfa785c21.filesusr.com/ugd/515c54_e02f3b8d6cda49ea9c02ab7d30d5f7fe.pdf?index=true
  • https://uploads.strikinglycdn.com/files/4e780199-7ddd-4046-a281-7a637d6ac847/gujamevitukenuxoxomus.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.