Malicious PDF — malware analysis report

Static analysis result for SHA-256 68d10f008a7b5df3…

Verdict: MALICIOUS
File type: PDF

Size: 77.3 KB
Created: 2021-03-15 17:14:46 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-08-25
MD5: c991cf62684b9483e6bbd76f58401440
SHA-1: 5a845cc77e532c89722fdad285b1937853df3c17
SHA-256: 68d10f008a7b5df3ea8cfbc6a7da4aab5a9bfc1fad4fb930835740a5cc2cbe59
Risk Score: 196

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains numerous external links, with a prominent one redirecting to 'https://seumenha.ru/123?utm_term=android+load+animator+xml'. This URL, combined with the 'PDF_SEO_LINK_FARM' and 'PDF_SEO_UTM_REDIRECTOR_LINK' heuristics, strongly suggests a phishing or malware distribution attempt. The ML classifier and ClamAV detection further confirm the malicious nature of the file, classifying it as a phishing trojan.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (6)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINK
    PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs and the channel through which each was reached:
    • https://seumenha.ru/123?utm_term=android+load+animator+xml (PDF link annotation)
    • http://biggymstoe.com/xejidalilovx85yu.pdf (in PDF document text)
    • http://avto-document.site/fractional_and_negative_indices_worksheet_gcsea8ywn.pdf (in PDF document text)
    • http://hesap-al-sat.com/39399720291qtsa.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://6b2f37ea-3696-4b87-858b-663c379f6f6f.filesusr.com/ugd/16879a_c44d78537f9644a68632782856df04e2.pdf?index=true (in PDF document text)
    • https://e4fb9bf1-a3d6-4767-9bf2-2a1021e5dc09.filesusr.com/ugd/53cfc7_153e02a78115437681a3f7f594bc5b5b.pdf?index=true (in PDF document text)
    • https://uploads.strikinglycdn.com/files/d43c76d0-5d6f-4046-b00d-8b9da4946964/why_would_a_samsung_refrigerator_leak_water.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/61860a79-02ab-40d5-80f5-6d48865c084e/kexonosamadijulukogurosab.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/2129a230-1b1b-4bcb-bad7-23f6961d7a8c/how_is_queen_mab_described_in_romeo_and_juliet.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/f3d42fbb-7691-4df3-a74e-45e93a53ee89/29017301210.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/3df8e09d-932f-4f7a-9d89-c9c3e0d120bf/4th_grade_math_worksheets_multiplication_color_by_number.pdf (in PDF document text)
    • https://45b0b119-5f8c-43e7-b437-4e12d17c1c81.filesusr.com/ugd/3826db_ba2b3bfbc40844ac8bbe2f3571fd4231.pdf?index=true (in PDF document text)
    • https://uploads.strikinglycdn.com/files/399711d1-cb8d-4ce4-961f-5234ae4afd73/blackdecker_st5530-gb_corded_grass_strimmer_550_w.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/7598123d-00ca-48da-8811-468834932982/how_to_get_math_symbols_on_google_docs.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/22ddbf42-a3cd-4f5a-9e22-8494051e6fc2/how_to_read_height_velocity_chart.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/c3c01b90-2451-41dc-b40e-b7c81bf80dee/36742653723.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/2975edb5-08af-4625-9483-de51c1bc1993/31513889679.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/c3bf5bde-1ea7-4047-9782-87ff45df5070/acurite_thermometer_model_00606txa1_manual.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/8f61d9ce-c3ed-4f66-9e5e-74150811f32d/55159585369.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/52d47e5e-c6f1-4a0c-aff0-3f2bbcf0aa1f/autocad_2013_tutorial_for_beginners.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/f699e211-f2f4-4000-a341-fb9bed90e9ff/como_aprender_ingles_con_juegos_para_nios.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/d09bba45-be64-418e-95d9-b6193cf9d307/how_to_fit_integrated_headset.pdf (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)
    • http://dejavu.sourceforge.net (in PDF document text)
    • http://dejavu.sourceforge.net/wiki/index.php/License (in PDF document text)

Extracted artifacts (3)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off0000dc18.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xDC18
    Size: 4852 bytes
    SHA-256: 67e0b0753bfeccb524e1144ff71381d8f0ecb805f4147e0dcc6d68be9c0df8d6
  • font_01_sfnt_off0000ec7f.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xEC7F
    Size: 11264 bytes
    SHA-256: a4f0531dd86ba714dc876223c05a777eaea62282523f2fa102094d55cac3caa2
  • font_02_sfnt_off000112e7.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x112E7
    Size: 16096 bytes
    SHA-256: 61761e6c71fdd980502ce8a3a8cbf9590216241eb9eabe72fdf309a1c23cd3c2