Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://midufefew.ru/aws?utm_term=how+to+change+zip+code+on+dish+network

  • http://goodsun.space/first_grade_math_problemsmaf6k.pdf
  • http://good-production18.site/golden_wind_virtual_piano_sheet1o2bo.pdf
  • http://drovazvenigorod.ru/12250392139cfnjl.pdf
  • http://springtea.space/stargirl_book_summary_chaptersy46zv.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/a773349f-3a0d-4857-b904-d5853247b701/why_is_my_electric_pressure_washer_not_working.pdf
  • https://uploads.strikinglycdn.com/files/f009dc1c-fc71-426f-9565-94f9cd944e6a/mubibexozupibex.pdf
  • https://a29d81ee-e589-4368-99bd-4e0be04eb4c0.filesusr.com/ugd/a89e6e_7daaa900aab245cfa54c6f9dd6c871ea.pdf?index=true
  • https://920f4c01-5fd6-4c40-8b27-b99972fecb60.filesusr.com/ugd/d63aaf_15c2c2fa958f4f158e5fac74fca497f2.pdf?index=true
  • https://d5f1d3db-1598-48d0-a061-764c190a6564.filesusr.com/ugd/866690_d7944250677844aabacedc4400978d2d.pdf?index=true
  • https://eadb47d6-6712-4ecd-aa5a-2cdcf2d90b86.filesusr.com/ugd/c844bf_3fe89a84f886486d9d1d551157de2334.pdf?index=true
  • https://56076a71-1b70-41e8-afe1-d547c394b4ee.filesusr.com/ugd/ab0d05_0492a6f2c751479f96fffacadc5f1d76.pdf?index=true
  • https://s3.amazonaws.com/jutenojamega/wegabizutiziva.pdf
  • https://uploads.strikinglycdn.com/files/5ed4b7a5-8856-4182-b4a1-a68404193710/new_england_beekeeping_supplies_inc_tyngsboro_ma_01879.pdf
  • https://ea64ff4c-51e6-4efc-8cc1-399682447901.filesusr.com/ugd/961f18_8227800bdd3348fb84240705eebdf967.pdf?index=true
  • https://uploads.strikinglycdn.com/files/de8c6176-2877-4dc2-9d9e-6e231780adea/focusrite_scarlett_solo_3rd_gen_driver_mac.pdf
  • https://uploads.strikinglycdn.com/files/e0319b7e-2067-43d7-9ce3-49b6344becda/98327192594.pdf
  • https://s3.amazonaws.com/wezukep/tippmann_a5_egrip_vs_response_trigger.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.