Malicious PDF — malware analysis report

Static analysis result for SHA-256 5c03d1fdfa282f63…

MALICIOUS

PDF

Size: 78.5 KB
Created: 2021-03-20 22:08:42 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 5c1946f0a476c1d524d033e125d4a5df
SHA-1: 3a95bbef5b17bc94553bfca63b2b303d499f357f
SHA-256: 5c03d1fdfa282f63c4df93e5e22c67b734943e8e58e98ddfd954e32730506d0e
Risk Score: 156

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF was flagged by ClamAV as a phishing trojan and ML classifiers indicated a high probability of maliciousness. The document contains a large number of external links, suggesting a link farm or redirection strategy. While no scripts were explicitly extracted, the PDF structure and numerous external URLs point towards a phishing or malicious redirection attack, likely initiated via spearphishing.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9993

Heuristics (5)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://seumenha.ru/strik?utm_term=cnn+news+today+live+tv
    • https://cdn.sqhk.co/temisexezoda/icihih3/doon_defence_academy_admission_procedure.pdf
    • http://yourlivehelp.com/68166565935o5z7w.pdf
    • https://cdn.sqhk.co/golemejexeno/Ud0ijhC/8721857582.pdf
    • https://jogojirodatu.weebly.com/uploads/1/3/4/3/134321770/0dde859.pdf
    • https://cdn.sqhk.co/fumamimed/gfIgf89/depin.pdf
    • https://cdn.sqhk.co/patagarinixa/agd3zih/hexa_1010_block_puzzle_game_apk.pdf
    • https://weralafopibobal.weebly.com/uploads/1/3/4/3/134338927/bufiritetopijigu.pdf
    • http://powajaxib.medianewsonline.com/deh-x4700bt_no_sound.pdf
    • https://cdn.sqhk.co/numiwuzuwix/cWpDFsI/police_gun_sound_ringtone_download.pdf
    • https://fotofewoxa.weebly.com/uploads/1/3/4/8/134849098/26e2c18e2e.pdf
    • http://freefire-gifts.com/graco_duoglider_stroller_assemblyt27uf.pdf
    • https://cdn.sqhk.co/rilowikapaz/b88Asjc/spin_tops_mod_apk_download.pdf
    • https://cdn.sqhk.co/vavetiset/Tgghk9n/apache_tomcat_windows_10_64_bit.pdf
    • http://redpandarecycling.com/the_principles_and_practice_of_auditing_puttickc603d.pdf
    • https://cdn.sqhk.co/papusabefo/VH8jbgg/tumblr_aesthetic_wallpaper_yellow.pdf
    • https://cdn.sqhk.co/rujiwujik/jdXBEoa/dash_cryptocurrency_wallet.pdf
    • http://zifixoribe.scienceontheweb.net/27140120402.pdf
    • https://cdn.sqhk.co/segenapiza/mT45SLE/jabanokupudotowugubuj.pdf
    • http://bit7.top/9910206443vpadg.pdf
    • https://majejuwusi.weebly.com/uploads/1/3/2/3/132303270/zusenamuxoguwuwes.pdf
    • https://cdn.sqhk.co/rakuvonume/Fjay5I1/electric_train_station_near_me_now.pdf
    • https://cdn.sqhk.co/xiladuxe/dhdaYge/47946228750.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://muvekalufisu.atwebpages.com/plant_biochemistry_agrimoon.pdf
    • http://nopugorib.onlinewebshop.net/bonfiglioli_planetary_gearbox.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000f6a9.bin
    SHA-256: 5a1d258f9dc2c721276c983a93d9f2b301c0b8ebefbb9319a01b37b4e667d378
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xF6A9
    Size: 4884 bytes
  • Filename: font_01_sfnt_off0001076e.bin
    SHA-256: 55a8d005113f2043714ad8282384a1e948d527296c97c4168d787b9ef3272873
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x1076E
    Size: 10920 bytes