Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://seumenha.ru/wix?keyword=badland+2500+winch+parts

  • http://banuzatama.22web.org/bharat_movie_songs_ming._se.pdf
  • http://zaxiluxedexu.getenjoyment.net/what_song_is_playing_when_damon_and_elena_dance.pdf
  • http://oneitshop.pro/how_to_calculate_gdp_ppp_per_capitahj5n3.pdf
  • http://tunulawofu.iblogger.org/13248954069.pdf
  • http://specialsale.info/9270735291s3ekf.pdf
  • http://nijaxubazaziw.mypressonline.com/adobe_reader_download_pc.pdf
  • http://zejadovota.iblogger.org/vijibebawefexakiku.pdf
  • http://vbnmcxz.xyz/66733617098sy1hp.pdf
  • http://pawezujexas.mywebcommunity.org/lulabomaninova.pdf
  • http://forsage.pw/what_is_the_importance_of_teaching_social_studiesqocc4.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/falejogajir/distributive_property_in_a_sentence_worksheet.pdf
  • https://s3.amazonaws.com/vatakefojunib/95918288451.pdf
  • https://s3.amazonaws.com/wuniku/sunagorekaxez.pdf
  • https://ec451167-49e0-489e-a150-d7dc0ecf9264.filesusr.com/ugd/fe0276_efd9ad8aa9ab409d84f6822f8595f899.pdf?index=true
  • https://b5b764bc-4fc6-48d7-9a4b-423a4d05f225.filesusr.com/ugd/3f2390_5e92af23b5724483b55ebe78c42764ef.pdf?index=true
  • https://s3.amazonaws.com/xamibudasagas/madras_university_consolidated_marksheet_application_form.pdf
  • https://0ea28b16-58c2-472d-b6be-3e97fe9b7bb6.filesusr.com/ugd/696b8a_44d3ffe1fa7245cc92fd0c71b4b4337c.pdf?index=true
  • https://e5058785-d3d1-442e-b0ad-d0045053dde7.filesusr.com/ugd/17c622_6f6d651298eb4db2b202280cfe668470.pdf?index=true
  • http://fidalanono.myartsonline.com/kazilaz.pdf
  • https://s3.amazonaws.com/posufij/juzipejategon.pdf
  • http://labomodofu.epizy.com/how_big_is_30_x_60.pdf
  • http://dowuvoduwitovos.atwebpages.com/crescendo_becca_fitzpatrick_ebook.pdf
  • https://s3.amazonaws.com/gelawiweza/20303273913.pdf
  • http://ruwitubis.rf.gd/kenmore_elite_he3_gas_dryer_not_heating.pdf
  • https://70fbc5f3-53e4-4072-9ff7-a5862d19847b.filesusr.com/ugd/bb3bf9_d08e484c7686456bbde9ffc287eef864.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.