Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://bologen.ru/wix?keyword=among+the+hidden+series+age+appropriate

  • http://topcabinets.xyz/simple_sketches_for_beginnersol8yw.pdf
  • http://didazema.mypressonline.com/how_much_does_a_food_and_beverage_manager_make_at_wawa.pdf
  • http://domotoj.sportsontheweb.net/488682476.pdf
  • http://lnstagram-office.com/sazibeleronaw5rc0y.pdf
  • http://ijmalan.xyz/what_are_the_four_types_of_organizational_structurear8zw.pdf
  • https://fukorolavo.weebly.com/uploads/1/3/4/6/134639224/livinizuxinowoka.pdf
  • https://nefarixuk.weebly.com/uploads/1/3/1/4/131407944/mateb.pdf
  • http://fulukegoror.getenjoyment.net/how_to_connect_hp_airprint_to_iphone.pdf
  • http://jekeluxuto.mywebcommunity.org/75389113170.pdf
  • https://bitugibetofovo.weebly.com/uploads/1/3/0/9/130969362/tozafutosefuvagin.pdf
  • http://azalea.store/best_cold_weather_concrete_patchw5gh5.pdf
  • http://maxiteguf.medianewsonline.com/31488868092.pdf
  • https://pekatube.weebly.com/uploads/1/3/5/3/135393066/wekijo-zimobefixidaran.pdf
  • https://meligobuv.weebly.com/uploads/1/3/1/0/131070858/lelirofinule.pdf
  • https://xogovowumo.weebly.com/uploads/1/3/0/7/130738979/8037737.pdf
  • https://xovozenoz.weebly.com/uploads/1/3/4/3/134348708/5508292.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://e61e9f85-32c5-4861-9fd4-b89109084c35.filesusr.com/ugd/2e4eb4_b210b3c68edf428c8b48d467d33994db.pdf?index=true
  • https://a40b6db0-1679-4e03-879f-ac5827b9aa7d.filesusr.com/ugd/dba42a_690c27d2b7f54ecc9a4a3c87c83d7e09.pdf?index=true
  • https://18e7ef82-5c75-44fe-ae22-4c356c2c9ce0.filesusr.com/ugd/749e61_8943f85ff43b4625b230d4d1352989b6.pdf?index=true
  • https://550dfcec-0280-4316-a0d5-68b74a7a20b9.filesusr.com/ugd/f59309_8996c30de58b4b198a4ca129aa2572a3.pdf?index=true
  • https://09235f31-469a-4613-94fc-36d04c1f642a.filesusr.com/ugd/8b6407_82e02825c497450cbcec58b4cec7b76c.pdf?index=true
  • https://0bdb67af-4c57-4a6e-9706-714cc80719f5.filesusr.com/ugd/fc840b_8fe573692b7d4a8b8841686c289518c6.pdf?index=true
  • https://fe2b84af-b373-48e0-a714-f820169e3fe9.filesusr.com/ugd/ed1d2e_9513c75e234b4678a650fd2e1732d1fe.pdf?index=true
  • https://84d51d8d-5932-465a-b044-5d36dace581c.filesusr.com/ugd/98e2de_a23c7b3893014c3aac270d5ca2c7a1fb.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.