Malicious PDF — malware analysis report

Static analysis result for SHA-256 61cd626a8021390b…

MALICIOUS

PDF

Size: 90.1 KB
Created: 2021-03-23 13:08:35 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-07-13
MD5: 09b6f542480b0e9bd4afa67deabf2b17
SHA-1: a9a1a517ce08716a719661517ecfcd4b27750f73
SHA-256: 61cd626a8021390b89477d62e7723dc2d4cda06e663b78a43ba3a91f56085298
Risk Score: 186

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains numerous external links, identified as a link farm, with one prominent URL pointing to a site offering a 'basic russian grammar and workbook pdf'. This suggests a social engineering tactic to lure users to potentially malicious content. ClamAV detection and ML classification confirm its malicious nature, likely as a phishing or trojan delivery mechanism.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9992

Heuristics (6)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://golowaki.ru/123?utm_term=basic+russian+grammar+and+workbook+pdf (PDF link annotation)
    • https://padavosasosak.weebly.com/uploads/1/3/4/6/134632247/rolamigil_dumejadajukoxor_pevuxesi_gitiwik.pdf (in PDF document text)
    • https://ritipovilij.weebly.com/uploads/1/3/4/6/134650849/mimuwuwixigajovediwi.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://s3.amazonaws.com/tinezedu/tirapof.pdf (in PDF document text)
    • https://58eafb2e-ea74-4523-a1b2-d2e0fe9bfe54.filesusr.com/ugd/466fa0_5d6b271aeacb40b3ac57845f0ea03b38.pdf?index=true (in PDF document text)
    • https://75a697d3-84f0-44cf-bab9-f05e37020c50.filesusr.com/ugd/7c3584_974f94d6f6c242acaba8fbd60f41afcb.pdf?index=true (in PDF document text)
    • https://1a2149e7-ca7f-4e7c-a584-0e483de6f3af.filesusr.com/ugd/9219f8_86ab288e3f2f45a48978846f3a5dbda5.pdf?index=true (in PDF document text)
    • https://03dfb0eb-7fe6-4188-ad87-ea2b88df7b19.filesusr.com/ugd/f967ac_1b490f8c67504a6f801c4707ee13f67f.pdf?index=true (in PDF document text)
    • https://c245485c-e1a4-4c5a-9a2a-c465a95e53c8.filesusr.com/ugd/25f824_a9657ae69b894d5caf9d3c1ac7955f3e.pdf?index=true (in PDF document text)
    • https://ddc7b23b-31e5-4b5c-aaad-d3b7cef26861.filesusr.com/ugd/e506b8_c0ba503d80a24262b4155dde6db3d85d.pdf?index=true (in PDF document text)
    • https://ebc1add8-0b9d-418e-9e4a-1e287827e933.filesusr.com/ugd/ab63e3_8127be9c597141b2928c08e1f00de6ba.pdf?index=true (in PDF document text)
    • https://s3.amazonaws.com/gozifep/dejajug.pdf (in PDF document text)
    • https://5a4e7950-e122-4b3c-9cf7-894e7f5b1216.filesusr.com/ugd/76aeb6_88be6b5bddda4a4ab88cc09180eea9e7.pdf?index=true (in PDF document text)
    • https://711920be-b761-4f0e-a604-762b26663b16.filesusr.com/ugd/ffcbea_2bf5bf75593348c19f45cd7dd2c9cbcc.pdf?index=true (in PDF document text)
    • https://cf4de027-7369-46c2-bf93-d69cabef2b5e.filesusr.com/ugd/868b90_6eafaeb1ae144749a5b869d41bf6ca99.pdf?index=true (in PDF document text)
    • https://s3.amazonaws.com/gofiguj/assamese_movie_joymoti.pdf (in PDF document text)
    • https://s3.amazonaws.com/seriposuj/naniramezokagaxidup.pdf (in PDF document text)
    • https://238a82c5-85a8-4641-a991-2f0f5270ddc4.filesusr.com/ugd/63f22d_42ea343bc73144408e6cfe5cc1aa94d0.pdf?index=true (in PDF document text)
    • https://86a9da1b-0b57-4b35-a77a-523886b904cd.filesusr.com/ugd/0d9a50_24b7a01597904485895bc718d9863a01.pdf?index=true (in PDF document text)
    • https://s3.amazonaws.com/dotivaf/zepobipomamitixatino.pdf (in PDF document text)
    • https://8b83d164-5e56-46cc-b941-48f48810ddf3.filesusr.com/ugd/76ce43_7f7d616e528f4f64b2b66a6455db4d9f.pdf?index=true (in PDF document text)
    • https://9cf93ecd-64ee-4ad6-afcc-f350577a7522.filesusr.com/ugd/c4dbd3_3f8b220118bf49f2b79ea8c8d3291a29.pdf?index=true (in PDF document text)
    • https://c1bbde11-5cda-4f7c-8b74-b2fe90b484f5.filesusr.com/ugd/1c8c6c_6c82fbc2f6e846c9909022a75597a113.pdf?index=true (in PDF document text)
    • https://229c3593-bb94-4e5d-9b9f-ca3747df48ef.filesusr.com/ugd/145364_e8d46d186bf34e91a79bec90073a6fb9.pdf?index=true (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00011d8c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11D8C | 5788 bytes
  SHA-256: 052856bec57d6c1a057f2ceced493fa2242178b27330d194320813168fd43e5a
font_01_sfnt_off0001313e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1313E | 13032 bytes
  SHA-256: 9dba2808640fae708e9bfff8ee941d4a362650e2e1af350e88a7874bd611cab7