Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://bologen.ru/strik?utm_term=how+to+play+drum+beats PDF link annotation

  • http://vopukisavenif.medianewsonline.com/atividades_de_alfabetizao_eja.pdfIn PDF document text
  • http://woxijakuzadajew.getenjoyment.net/80962811782.pdfIn PDF document text
  • https://subamepowesita.weebly.com/uploads/1/3/4/8/134875458/a5f2183a.pdfIn PDF document text
  • http://gatofupimekow.mywebcommunity.org/diagnostico_de_hiperaldosteronismo_primario.pdfIn PDF document text
  • https://pasifoberili.weebly.com/uploads/1/3/4/8/134881239/tudiwedimisudi.pdfIn PDF document text
  • https://sixuvowapunara.weebly.com/uploads/1/3/0/7/130738553/tadeluwowigaraj.pdfIn PDF document text
  • http://rolapisi.scienceontheweb.net/jubituwoponamibo.pdfIn PDF document text
  • https://pikoxujedogusu.weebly.com/uploads/1/3/4/6/134665618/safolodusotivux_redozisop_rafaritivo.pdfIn PDF document text
  • https://tufezojaf.weebly.com/uploads/1/3/1/3/131384552/2395314.pdfIn PDF document text
  • http://nomenowunesazoz.scienceontheweb.net/57930203687.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://b5b764bc-4fc6-48d7-9a4b-423a4d05f225.filesusr.com/ugd/3f2390_1aa9100a680142aeb8ba5647c955842b.pdf?index=trueIn PDF document text
  • https://3b0fe5ff-7f86-489c-8138-fc984e51136c.filesusr.com/ugd/bfd78a_3950912b60ce4c36998bcfc81241ca1b.pdf?index=trueIn PDF document text
  • https://ca108e69-7b6b-43f0-8f16-d96ebeb8a33d.filesusr.com/ugd/79e0dc_a3aede06ef9c40cea27671985e6ffb32.pdf?index=trueIn PDF document text
  • https://3b1a0cff-dc54-4917-88c1-cdf904a8db56.filesusr.com/ugd/60aab8_5da1a410ae02439d9eda8d70916ed2c9.pdf?index=trueIn PDF document text
  • https://510adc33-753b-44c0-977e-8d34da8fcdd4.filesusr.com/ugd/5f4192_609bfc32e73846a88c5d1f1ea2f1457d.pdf?index=trueIn PDF document text
  • http://saxodanokijaj.atwebpages.com/what_is_the_best_food_saver_vacuum_sealer_to_buy.pdfIn PDF document text
  • https://7a1f2a0d-094a-4466-88af-72a4af93b9fa.filesusr.com/ugd/22739b_7a0de5fe88ec417296223e6ff9f9d1f2.pdf?index=trueIn PDF document text
  • https://995be609-08d3-41b1-a6c0-90e53670bcec.filesusr.com/ugd/9988e1_4dee5ef856db429aa65fe01e134e124e.pdf?index=trueIn PDF document text
  • https://f187853a-68e6-4ed6-a420-9593b89d6738.filesusr.com/ugd/27c34a_e7c078bf29aa4ef68e05a484638e9592.pdf?index=trueIn PDF document text
  • https://5e0c4d4d-41f9-428c-9564-b93e7cff6769.filesusr.com/ugd/510691_2418c94baed44d88ba009bc316d846ae.pdf?index=trueIn PDF document text
  • https://eaae50f7-3b1c-4f1b-9b3c-e2a48377569d.filesusr.com/ugd/b96e41_19a8260fbccc4283aea26b85eea7b597.pdf?index=trueIn PDF document text
  • http://vebagakid.onlinewebshop.net/advanced_auditing_textbook.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://dejavu.sourceforge.netIn PDF document text
  • http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.