Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jacksth.ru/strik?utm_term=trimble+business+center+training

  • http://supernefritroller.xyz/pro_asp.net_mvc_5_platform_bookg0daf.pdf
  • https://cdn.sqhk.co/kivipemo/Dvidgjl/android_nougat_32_bit.pdf
  • https://cdn.sqhk.co/fojilude/djeihkT/meter_reading_definition_photography.pdf
  • https://cdn.sqhk.co/fedelubu/pEijjeN/pot_painting_ideas_images.pdf
  • http://bigops.fun/85955462286y675y.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://5e54d98c-4257-4cc7-9010-48f3df296eb2.filesusr.com/ugd/05240c_e256f64a443243148b24919ed9c97723.pdf?index=true
  • https://e8b83640-91e4-44a0-a69f-c2468797902f.filesusr.com/ugd/ee4a13_8f48d6f3ce8946ac9a6542daf53045ba.pdf?index=true
  • https://uploads.strikinglycdn.com/files/7dddef3e-e58c-418b-8579-0783004a2c77/dobasegazegatituri.pdf
  • https://3a00e800-a8eb-44ae-aafc-ae9aecab8e06.filesusr.com/ugd/1715bf_ca6fa065fd7d42ea85d991e465dadc21.pdf?index=true
  • https://uploads.strikinglycdn.com/files/34d67589-4ef4-4c75-9a6e-04e95e893fa0/69438576208.pdf
  • https://s3.amazonaws.com/bajapovogam/67638762331.pdf
  • https://s3.amazonaws.com/roxawo/desc_dubai_khda_report.pdf
  • https://uploads.strikinglycdn.com/files/20513779-b385-40c5-bdd6-aaa2453756e4/fezazix.pdf
  • https://uploads.strikinglycdn.com/files/583bd3b9-557c-45f2-9bc6-9bd1b1265885/book_review_all_marketers_are_liars.pdf
  • https://uploads.strikinglycdn.com/files/9ab147ab-0a87-47b0-98e1-3b50623a1649/vapakulufit.pdf
  • https://uploads.strikinglycdn.com/files/0273c464-abae-49b1-b38b-9ee305d952a2/71784298578.pdf
  • https://e3c65705-3664-417e-97b1-2ac29bfab8bd.filesusr.com/ugd/6a5da5_8c41c07776c44fc6a0f40c17bde828ee.pdf?index=true
  • https://uploads.strikinglycdn.com/files/798d9203-7cf3-4b81-8b7c-3e5672c843b9/unity_technologies_stock_forecast.pdf
  • https://s3.amazonaws.com/rebesudanolo/vow_renewal_invitations_templates.pdf
  • https://uploads.strikinglycdn.com/files/9093c94e-1092-4950-ae84-1c2faeb148a3/append_text_to_xml_file_c.pdf
  • https://uploads.strikinglycdn.com/files/38c2496d-0082-4062-8b8d-3af4130ff1b6/how_to_pair_monster_illuminessence_led_strip_to_remote.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.