Malicious PDF — malware analysis report

Static analysis result for SHA-256 5b694e83c2b16cc1…

Verdict: MALICIOUS
File type: PDF
Size: 89.0 KB
Created: 2021-03-23 05:14:43 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-11-21
MD5: cf6485095d5af65fd9c3ee03084066ae
SHA-1: 77c0b83d5d24d73f8cb732906235565696cf9694
SHA-256: 5b694e83c2b16cc1bb7825277ca5b6c99678ca9dc93877eb7eb9992988e3084e
Risk score: 186

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript

The PDF is small, was generated by wkhtmltopdf, and is essentially a carrier for external links: most of them are further .pdf URLs spread thinly across many distinct hosts, many of them free or disposable content hosts (the filesusr.com, atwebpages.com and myartsonline.com links below), and the one clickable link annotation goes through a utm_term SEO redirector. That is the signature of a generated link-farm or search-bait PDF rather than a genuine document. The ClamAV Pdf.Phishing.Trojan signature and the ML classifier (0.9993) agree on the verdict. No JavaScript or other active content was extracted, so the document itself carries no exploit and the T1059.007 mapping is not supported by the artifacts in this report; the risk lies in the linked destinations, which route users into phishing or unwanted-software delivery chains. Delivery may be as a spearphishing attachment, but this family is more commonly reached through search results for the "free document/template" queries it is built to rank for.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9993

Heuristics (6)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://maypoin.ru/strik?utm_term=z-line+designs+fiore+tv+stand+with+integrated+mount (PDF link annotation)
    • https://cdn.sqhk.co/kavuzoda/cSijZeu/ranifegifobugurekikovez.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4472213/normal_60272792b0b49.pdf (in PDF document text)
    • https://cdn.sqhk.co/sobupepokor/NgcBnjg/lezawagirurosujem.pdf (in PDF document text)
    • https://cdn.sqhk.co/bitomasijelo/athajha/hungry_shark_world_hack_ios_no_human_verification.pdf (in PDF document text)
    • http://sowoxapexemex.sportsontheweb.net/sony_rx10_vs_rx100_vi.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4379384/normal_6039746dd1f96.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4384642/normal_60380e6881a53.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4476140/normal_60062cda6ef3c.pdf (in PDF document text)
    • https://cdn.sqhk.co/rolidazi/dhjjfhj/vobuweruritagu.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4445868/normal_5fd68c06b5273.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://2d130471-2a64-48ba-87cf-8f1e86c6acad.filesusr.com/ugd/9c43ec_de518f74bbd54511ac38d94d2afeef79.pdf?index=true (in PDF document text)
    • https://df4002df-ed14-466c-b758-10ced248c840.filesusr.com/ugd/3b03e6_b69339f3e61a477da9d43b12ad46d84d.pdf?index=true (in PDF document text)
    • https://b7c6a474-53ed-4139-af63-4b2f501ae0e7.filesusr.com/ugd/e87294_2ed0e6f939974bb283ad901882e570b6.pdf?index=true (in PDF document text)
    • https://f3b86e06-b3aa-4ee1-82f7-79049f3379a8.filesusr.com/ugd/0c4fd2_2ec193c6bbe240d387bf03f5dc5eb364.pdf?index=true (in PDF document text)
    • http://sabiwilurase.atwebpages.com/html_css_js_learn.pdf (in PDF document text)
    • https://f64a1a0a-debf-4843-a838-a34c0cae0f4a.filesusr.com/ugd/89602e_d97ff73d4d9944f0a384fd5fd60fc717.pdf?index=true (in PDF document text)
    • https://5ce19dfa-329f-495d-88d1-e1e7834d9072.filesusr.com/ugd/d902bb_69991f9a1ae041a7b3fe2aa169df6ea7.pdf?index=true (in PDF document text)
    • https://8d2868a3-57b7-484c-81f6-493c1c4f5daa.filesusr.com/ugd/a8ca0f_e5af2947893a4843a27f7de9c951daf8.pdf?index=true (in PDF document text)
    • https://f3b8d348-8566-49c9-a9f8-a2c3b9e1bc8e.filesusr.com/ugd/f1c748_4a19130a946f42c38c45a3294ebaf539.pdf?index=true (in PDF document text)
    • http://mawidinivetobi.myartsonline.com/39546030132.pdf (in PDF document text)
    • https://c81c1a69-aec6-471c-ac34-7a6800eafc69.filesusr.com/ugd/9ef1ea_cdd07621b2824cc391c1f478b9e5ae32.pdf?index=true (in PDF document text)
    • https://c7bff75e-0a19-4817-9d47-fca4cf08161b.filesusr.com/ugd/3b6424_c763807f3b6b44cf8a8fb9097722d1ca.pdf?index=true (in PDF document text)
    • https://083189c9-8220-4687-a375-57be19a37228.filesusr.com/ugd/909b15_7a355eeb614b4678b9df4a32ed07b6dd.pdf?index=true (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)
    The last seven entries and the two ascendercorp.com entries are not link-farm targets. The w3.org, purl.org and ns.adobe.com URIs are RDF, Dublin Core and XMP namespace identifiers from the document's metadata stream and are never navigated; scripts.sil.org/OFL is the SIL Open Font License URL and ascendercorp.com is a font foundry site, so in wkhtmltopdf output these most plausibly come from the name tables of the two embedded sfnt fonts listed under Extracted artifacts (an inference, not something the analyser states). Triage should focus on the .pdf links and the utm_term link annotation.
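
The two heuristics that carry the verdict above (the link-farm shape of PDF_SEO_LINK_FARM / PDF_SEO_DISPOSABLE_LINK_FARM, and the first-wins versus last-wins parser confusion of PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) can be reproduced with a few regexes over the raw bytes. The following standard-library Python is an added editorial example, not the analyser's code and not run against the analysed sample: it scans a constructed miniature PDF (built inline) in which an incremental update redefines the page content stream, so a first-wins reader renders a benign link while a last-wins reader renders the link farm, and then scores the extracted URLs the way the two heuristic descriptions suggest. The disposable-host list, the 0.5 host-clustering threshold, the 200 KB "small" limit, the minimum of three .pdf links and the set of "active content" keys are assumptions for the demo, not values taken from the report.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlparse

# Constructed sample, not the analysed file: a tiny PDF whose page content
# (object 4) is redefined by an incremental update, plus one /URI link annotation
# and an XMP metadata stream. /Length values are illustrative and not validated.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /Metadata 6 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] /Contents 4 0 R >> endobj
4 0 obj << /Length 44 >>
stream
BT (See https://example.org/report.pdf) Tj ET
endstream endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]
/A << /S /URI /URI (https://maypoin.ru/strik?utm_term=free+template) >> >> endobj
6 0 obj << /Type /Metadata /Subtype /XML /Length 64 >>
stream
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"/>
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
4 0 obj << /Length 160 >>
stream
BT (https://cdn.sqhk.co/a/one.pdf) Tj (http://x.atwebpages.com/two.pdf) Tj
(https://abc.filesusr.com/ugd/three.pdf?index=true) Tj (http://y.myartsonline.com/four.pdf) Tj ET
endstream endobj
trailer << /Root 1 0 R /Prev 0 >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
URL_RE = re.compile(rb"https?://[^\s()<>\"']+")
URI_ACTION_RE = re.compile(rb"/URI\s*\((.*?)\)", re.DOTALL)
# Keys that turn a duplicate definition into "active content" (assumed set).
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/URI", b"/OpenAction", b"/AA")
# XMP/RDF schema names look like URLs but are namespace identifiers, not links.
SCHEMA_HOSTS = {"www.w3.org", "purl.org", "ns.adobe.com"}
# Assumed free/disposable content hosts for the demo; maintain from your own intel.
DISPOSABLE_HOSTS = ("atwebpages.com", "myartsonline.com", "sportsontheweb.net",
                    "filesusr.com", "sqhk.co", "f-static.net", "s123-cdn-static.com")

def iter_objects(data):
    """Yield ((num, gen), body) for every 'N G obj ... endobj' in file order."""
    for m in OBJ_RE.finditer(data):
        yield (int(m.group(1)), int(m.group(2))), m.group(3).strip()

def find_duplicate_objects(data):
    """Objects defined more than once with differing bodies: bodies[0] is what a
    first-wins reader resolves, bodies[-1] what a last-wins reader resolves."""
    seen = {}
    for key, body in iter_objects(data):
        seen.setdefault(key, []).append(body)
    out = {}
    for key, bodies in seen.items():
        if len(set(bodies)) > 1:
            # Severity is raised only when some version carries active content.
            active = any(k in b for b in bodies for k in ACTIVE_KEYS)
            out[key] = {"bodies": bodies, "severity": "critical" if active else "info"}
    return out

def extract_urls(data):
    """Unique URLs in file order, labelled with the channel that carries them."""
    annots = {m.group(1).decode("latin-1") for m in URI_ACTION_RE.finditer(data)}
    urls = {}
    for m in URL_RE.finditer(data):
        url = m.group(0).decode("latin-1")
        urls.setdefault(url, "link annotation" if url in annots else "document text")
    return list(urls.items())

def _is_disposable(host):
    return any(host == d or host.endswith("." + d) for d in DISPOSABLE_HOSTS)

def score_link_farm(data, small_limit=200_000, min_links=3):
    """Shape of the two link-farm heuristics; thresholds are assumptions."""
    ext = [u for u, _ in extract_urls(data) if urlparse(u).hostname not in SCHEMA_HOSTS]
    pdf_links = [u for u in ext if urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).hostname for u in pdf_links)
    top_share = max(hosts.values()) / len(pdf_links) if pdf_links else 0.0
    disposable = [u for u in ext if _is_disposable(urlparse(u).hostname or "")]
    utm = [u for u in ext if "utm_term" in parse_qs(urlparse(u).query)]
    flags = []
    if len(data) <= small_limit and len(pdf_links) >= min_links:
        if top_share >= 0.5:                 # clustered on one dominant host
            flags.append("PDF_SEO_LINK_FARM")
        elif disposable or utm:              # spread thin, but corroborated
            flags.append("PDF_SEO_DISPOSABLE_LINK_FARM")
    return {"external": len(ext), "pdf_links": len(pdf_links),
            "top_host_share": round(top_share, 2), "disposable": len(disposable),
            "utm_term": len(utm), "flags": flags}

if __name__ == "__main__":
    dup = find_duplicate_objects(SAMPLE_PDF)[(4, 0)]
    print("first-wins reader sees:", URL_RE.findall(dup["bodies"][0]))
    print("last-wins reader sees: ", URL_RE.findall(dup["bodies"][-1]))
    print(extract_urls(SAMPLE_PDF), score_link_farm(SAMPLE_PDF), sep="\n")
```

On the constructed sample the duplicate of object 4 stays at "info" because neither version carries an action key, exactly the caveat the heuristic description makes about benign incremental updates; a first-wins reader sees only the example.org link, a last-wins reader sees four .pdf links on four disposable hosts, and the scorer reports PDF_SEO_DISPOSABLE_LINK_FARM rather than PDF_SEO_LINK_FARM because no host dominates. The regex object scanner is deliberately simple (it ignores xref tables and object streams), which is the point: the analyser's duplicate check also reasons about what naive first-wins and last-wins parsers would resolve, not about what a fully conformant reader does.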

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                      Size
font_00_sfnt_off00011ece.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x11ECE  5464 bytes
  SHA-256: 0e75e0459fe24610fcd9cb49afaadcbd45aaa837def110b1875261343db5f32c
font_01_sfnt_off00013159.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x13159  10832 bytes
  SHA-256: 19884275206da7417ae27e157628cda587efa2655a023375c8770691aa2d13a7