Malicious PDF — malware analysis report

Static analysis result for SHA-256 6b8bb9a7f40221a3…

Verdict: MALICIOUS
File type: PDF
Size: 80.6 KB
Created: 2021-04-18 06:02:50 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: fb2ab54081dd86e6b947019f50ca6b6b
SHA-1: 7b9050eed2ff558b2c1ad4eb4ad6f87a272062f1
SHA-256: 6b8bb9a7f40221a325adf8fe429d31b9418e6bfad3ef6d12f2a6b84cdacce2e5
Risk score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF was classified as malicious by ClamAV (a Pdf.Phishing.Trojan signature) and by the Nyx PDF classifier (score 0.9992), and its structure matches a phishing or SEO link-farm carrier: an 80 KB document generated with wkhtmltopdf that carries a large number of clickable external links to other PDFs, including one to 'nipisod.ru' with a search-term style query string. This suggests the document exists to route users toward harmful or unwanted content rather than to convey information. The MITRE mapping includes T1059.007 (JavaScript), but no JavaScript heuristic fired and no script object is enumerated below; embedded JavaScript is a common execution vector in malicious PDFs, and its presence here should be confirmed by inspecting the object tree before that mapping is relied on.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9992

Heuristics (5)

  • PDF_SEO_LINK_FARM [critical]: Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION [critical]: ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • PDF_URI [info]: External URI
    PDF contains an external URL action.
  • PDF_DUPLICATE_OBJ_BODY_INCREMENTAL [info]: Object number defined twice with different bodies
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • EMBEDDED_URL [info]: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The list below mixes channels: the w3.org, purl.org and ns.adobe.com entries at the end are XMP/RDF namespace identifiers from the document metadata, scripts.sil.org/OFL is the SIL Open Font License URL, and www.ascendercorp.com and www.daltonmaag.com are font-vendor URLs of the kind carried in embedded font name tables; these come from metadata and the embedded fonts rather than from link annotations.
    • https://nipisod.ru/strik?utm_term=what+does+2.9+gpa+mean
    • http://yourcy.com/bebowefufitukokumenenupujlbbw.pdf
    • http://yesstore.pro/atlantis_the_lost_empireiked5.pdf
    • http://hamsterbig.com/fire_and_ice_the_dragon_chronicles_full_movie_download_in_hindi0csc9.pdf
    • https://tuvukorop.weebly.com/uploads/1/3/1/8/131857527/xeleritupuraveri.pdf
    • http://artemk.ru/blank_storyboard_template_to_printah7h9.pdf
    • https://cdn.sqhk.co/laruxibut/hoYw8tJ/69853551541.pdf
    • https://cdn.sqhk.co/fakujodi/Ox3TGjj/superhero_comic_maker_online.pdf
    • https://cdn.sqhk.co/sepetuvab/hegdgir/runescape_shark_outfit.pdf
    • http://cashfree.store/kuvoxr7qtl.pdf
    • https://bitoxogosem.weebly.com/uploads/1/3/4/3/134386372/641713.pdf
    • https://cdn.sqhk.co/gopuxipo/jifhbgj/nfl_fantasy_football_2018_ppr_rankings.pdf
    • https://cdn.sqhk.co/pudinivil/gDDEagg/zepoxugutub.pdf
    • https://jawonuvanez.weebly.com/uploads/1/3/6/0/136021807/4227484.pdf
    • https://cdn.sqhk.co/luwiliziv/GiiaW65/latest_mac_os_version.pdf
    • https://rajilogibakew.weebly.com/uploads/1/3/5/3/135326989/saxomevamup.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://www.daltonmaag.com/
    • https://7835c217-6b95-46a1-915a-76cdebae3fe0.filesusr.com/ugd/debfb4_5fe9e477f2e44045b2141d6e0ab7dda8.pdf?index=true
    • https://fdb4f28e-c637-431f-967d-457feef73efb.filesusr.com/ugd/cf5aa9_38d77145f96b4379bd98f372988c6990.pdf?index=true
    • https://3d73ec66-e24e-4607-99a5-aa3c333c10ea.filesusr.com/ugd/a96454_5204d72aaeba44d3969d6a1b33cadd21.pdf?index=true
    • https://911f1565-2faa-4874-b261-330d521e7362.filesusr.com/ugd/f46427_30d82b9112c74bffb8c9c409f465bf68.pdf?index=true
    • https://dacf5b84-f80e-4bd8-bb7f-22aad20a1cd8.filesusr.com/ugd/285be4_b192efe1fee5496fa5db02734eb82b11.pdf?index=true
    • https://f4b9ed98-44c1-44e6-9966-d9817cd43de7.filesusr.com/ugd/9ced5d_900324783a1a40b18be657e89d97cde5.pdf?index=true
    • https://51f47fa2-20f7-4ec4-bb91-8ae4aee689b4.filesusr.com/ugd/917232_cf19b1fbd15a4f0090088c0eebce71d0.pdf?index=true
    • https://e082b6be-64c0-45f6-a8ff-82b9c6f476f0.filesusr.com/ugd/1479de_f8cd0cf39ea048f8a1e4c9d87a4c4ddc.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
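The two structural heuristics above (PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) can be reproduced with a short standalone scanner. The following Python is an added example written for this page, not the analysis engine's own code: it indexes every `N G obj ... endobj` definition, reports object numbers defined more than once with differing bytes and whether either body carries an active-content key, then resolves the document under both a first-wins and a last-wins policy and measures how the link targets cluster by host. The sample PDF is constructed inline (hosts under the reserved `.invalid` TLD), object streams and xref tables are not parsed, and the thresholds (200 KB, 10 links, 60% of links on one host) are assumptions, not the engine's values.

```python
"""Added example: standalone re-implementation of two PDF structure heuristics,
duplicate object bodies across incremental updates and external-link host clustering."""
import hashlib
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

# "N G obj ... endobj" definitions. Raw bodies only: objects packed inside /ObjStm
# streams are not expanded and no xref table is consulted (a deliberate simplification).
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
# /URI ( ... ) literal strings, allowing backslash-escaped characters inside.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# Keys whose presence makes a redefined object worth escalating.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/URI", b"/OpenAction", b"/AA",
               b"/SubmitForm", b"/GoToR")


def parse_objects(data):
    """Map (num, gen) -> list of body bytes in file order; incremental updates append."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        objs[(int(m.group(1)), int(m.group(2)))].append(m.group(3))
    return objs


def duplicate_objects(objs):
    """Objects defined more than once with different bytes (PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)."""
    findings = []
    for key, bodies in objs.items():
        if len(bodies) < 2 or len({hashlib.sha256(b).digest() for b in bodies}) < 2:
            continue
        active = any(k in b for b in bodies for k in ACTIVE_KEYS)
        findings.append({"obj": key, "first": bodies[0], "last": bodies[-1],
                         "active": active, "severity": "high" if active else "info"})
    return findings


def resolved_bodies(objs, policy):
    """Model a reader: 'first' keeps the earliest definition, 'last' the latest one."""
    return {k: (v[0] if policy == "first" else v[-1]) for k, v in objs.items()}


def extract_uris(body):
    """Decode /URI literal strings from one object body."""
    uris = []
    for m in URI_RE.finditer(body):
        raw = m.group(1).replace(b"\\(", b"(").replace(b"\\)", b")").replace(b"\\\\", b"\\")
        uris.append(raw.decode("latin-1"))
    return uris


def link_farm(size, uris, max_size=200 * 1024, min_links=10, min_share=0.6):
    """PDF_SEO_LINK_FARM: small file, many links, mostly on one host (thresholds are assumptions)."""
    hosts = Counter(urlparse(u).hostname or "" for u in uris)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / len(uris) if uris else 0.0
    pdf_targets = sum(1 for u in uris if urlparse(u).path.lower().endswith(".pdf"))
    return {"links": len(uris), "pdf_targets": pdf_targets, "top_host": top_host,
            "top_share": round(share, 2),
            "flagged": size <= max_size and len(uris) >= min_links and share >= min_share}


def scan(data):
    """Run both heuristics; link statistics are reported per resolution policy."""
    objs = parse_objects(data)
    report = {"duplicates": duplicate_objects(objs)}
    for policy in ("first", "last"):
        uris = [u for b in resolved_bodies(objs, policy).values() for u in extract_uris(b)]
        report[policy] = link_farm(len(data), uris)
    return report


def build_sample(n_links=12):
    """Constructed sample: one page with n_links /Link annotations to a single host, then an
    incremental update that redefines annotation 4 0 to point at a different host."""
    annots = " ".join(f"{4 + i} 0 R" for i in range(n_links))
    parts = [b"%PDF-1.4\n",
             b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
             b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
             f"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
             f"/Annots [{annots}] >> endobj\n".encode()]
    for i in range(n_links):
        parts.append(f"{4 + i} 0 obj << /Type /Annot /Subtype /Link /Rect [0 {i * 20} 200 {i * 20 + 15}] "
                     f"/A << /S /URI /URI (http://farm-host.invalid/doc_{i:02d}.pdf) >> >> endobj\n".encode())
    parts.append(b"trailer << /Root 1 0 R >>\n%%EOF\n")
    # Incremental update: same object number and generation, different body bytes.
    parts.append(b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 200 15] "
                 b"/A << /S /URI /URI (https://redirect.invalid/strik?utm_term=x) >> >> endobj\n"
                 b"trailer << /Root 1 0 R /Prev 0 >>\n%%EOF\n")
    return b"".join(parts)


if __name__ == "__main__":
    result = scan(build_sample())
    for d in result["duplicates"]:
        print(f"object {d['obj']} redefined, active={d['active']}, severity={d['severity']}")
        print("  first-wins URI:", extract_uris(d["first"]), " last-wins URI:", extract_uris(d["last"]))
    for policy in ("first", "last"):
        print(policy, result[policy])
```

Run it on a real sample by passing the file bytes to `scan()`. The first-wins/last-wins split is the point of the duplicate-object heuristic: a viewer that honours the incremental update follows the redirect URL, while a scanner that stops at the first definition only ever sees the link farm, so both views should be reported rather than one.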

Extracted artifacts (3)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off0000f062.bin
    SHA-256: eb1bf96fc0a80f6afa38fed1906a7d19a7c96730316638c70d0addcd9d2bddae
    Kind: pdf-font-stream | Source: PDF embedded font (sfnt) at offset 0xF062 | Size: 5316 bytes
  • font_01_sfnt_off00010264.bin
    SHA-256: e9ab2610b5746ae051bbfd032676b8ce3c766fa0c8491b75f0f88e26c1b7c4c3
    Kind: pdf-font-stream | Source: PDF embedded font (sfnt) at offset 0x10264 | Size: 10792 bytes
  • font_02_sfnt_off00012716.bin
    SHA-256: d1f4a20f0e35a0564be54678b929bb8c711862c507f070c2b9a6abea8daf4378
    Kind: pdf-font-stream | Source: PDF embedded font (sfnt) at offset 0x12716 | Size: 4324 bytes
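To reproduce how font artifacts like the three above are located and sized, here is an added example (not the analysis engine's code) that carves sfnt font blobs out of a byte buffer: it looks for the sfnt magic values, validates the table directory, computes the blob length from the furthest table end, and names each hit in the same `font_NN_sfnt_offXXXXXXXX.bin` style as the report. The carrier bytes and the minimal three-table font are constructed inline; a real PDF stores fonts in /FontFile2 streams that are usually FlateDecode-compressed, so in practice the buffer would be the decoded stream (or the raw file where streams are stored uncompressed). Ending the blob at the last table's end, dropping any trailing pad bytes, is this example's own choice.

```python
"""Added example: carve sfnt (TrueType/OpenType) font blobs out of a byte buffer by
validating the table directory, as a stand-in for the report's pdf-font-stream carving."""
import hashlib
import re
import struct

SFNT_MAGIC = re.compile(rb"\x00\x01\x00\x00|OTTO|true")  # TrueType, CFF OpenType, Apple


def table_checksum(data):
    """OpenType table checksum: big-endian uint32 sum over the 4-byte-padded table."""
    padded = data + b"\0" * (-len(data) % 4)
    return sum(struct.unpack(f">{len(padded) // 4}I", padded)) & 0xFFFFFFFF


def build_sfnt(tables):
    """Constructed minimal font: offset table, table directory, 4-byte-padded table data.
    The tables carry dummy bytes; this is a structural sample, not a usable font."""
    n = len(tables)
    entry_selector = n.bit_length() - 1            # floor(log2 n)
    search_range = (1 << entry_selector) * 16
    header = struct.pack(">IHHHH", 0x00010000, n, search_range, entry_selector,
                         n * 16 - search_range)
    directory, body, offset = b"", b"", 12 + 16 * n
    for tag, data in tables:
        padded = data + b"\0" * (-len(data) % 4)
        directory += struct.pack(">4sIII", tag, table_checksum(data), offset, len(data))
        body += padded
        offset += len(padded)
    return header + directory + body


def carve_sfnt(buf, max_tables=64):
    """Find every plausible sfnt header in buf and size it from its table directory.
    Assumption: the blob ends at the furthest table end (trailing pad bytes are dropped)."""
    hits = []
    for m in SFNT_MAGIC.finditer(buf):
        off = m.start()
        if off + 12 > len(buf):
            continue
        num_tables = struct.unpack(">H", buf[off + 4:off + 6])[0]
        dir_end = 12 + 16 * num_tables
        if not 1 <= num_tables <= max_tables or off + dir_end > len(buf):
            continue  # e.g. the word "true" in page content followed by unrelated bytes
        tags, end, valid = [], dir_end, True
        for i in range(num_tables):
            rec = off + 12 + 16 * i
            tag, _csum, toff, tlen = struct.unpack(">4sIII", buf[rec:rec + 16])
            # Tags are four printable ASCII bytes; tables must lie after the directory and inside buf.
            if not all(0x20 <= c < 0x7F for c in tag) or toff < dir_end or off + toff + tlen > len(buf):
                valid = False
                break
            tags.append(tag.decode("ascii"))
            end = max(end, toff + tlen)
        if not valid:
            continue
        blob = buf[off:off + end]
        hits.append({"name": f"font_{len(hits):02d}_sfnt_off{off:08x}.bin", "offset": off,
                     "size": len(blob), "tags": tags, "sha256": hashlib.sha256(blob).hexdigest()})
    return hits


# Constructed carrier: PDF-looking text containing a decoy "true" token, a little padding,
# then the sample font, then stream trailer text.
SAMPLE_SFNT = build_sfnt([(b"head", b"\0" * 54), (b"cmap", b"\x01\x02\x03"), (b"glyf", b"G" * 8)])
SAMPLE_PREFIX = b"%PDF-1.4\n1 0 obj << /MarkInfo << /Marked true >> >> endobj\nstream\n" + b"\0" * 7
SAMPLE_BUF = SAMPLE_PREFIX + SAMPLE_SFNT + b"\nendstream\nendobj\n"


if __name__ == "__main__":
    for hit in carve_sfnt(SAMPLE_BUF):
        print(f"{hit['name']}  offset=0x{hit['offset']:X}  size={hit['size']} bytes  tables={hit['tags']}")
        print("  SHA-256:", hit["sha256"])
```

The directory validation is what keeps the carver honest: the byte string "true" occurs constantly in PDF content, so a magic-only scan would emit garbage artifacts, whereas requiring a sane table count, printable tags and in-bounds table extents rejects those hits. Hashing the carved blob gives the same kind of per-artifact SHA-256 the report lists, which is what you would pivot on when checking whether the same font appears in other samples.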