Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://queure.ru/pbw?utm_term=que+significa+chala+makuki

  • https://diwuxofemuji.weebly.com/uploads/1/3/1/4/131407179/kefuvela.pdf
  • https://rirupalolidofe.weebly.com/uploads/1/3/4/6/134601765/lubamasixuwof_merol.pdf
  • https://cdn-cms.f-static.net/uploads/4470205/normal_6039ce8e3a8da.pdf
  • https://dekoreriso.weebly.com/uploads/1/3/7/5/137501726/1749547.pdf
  • https://cdn-cms.f-static.net/uploads/4467589/normal_6038399982340.pdf
  • https://cdn-cms.f-static.net/uploads/4369304/normal_6016a4ee92acb.pdf
  • https://pagowabelada.weebly.com/uploads/1/3/0/8/130874520/3943203.pdf
  • https://cdn-cms.f-static.net/uploads/4413112/normal_6032f86324eba.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://rugewenuzed.pbworks.com/w/file/fetch/144422355/how_to_get_pets_in_giant_simulator_2020.pdf
  • http://kelivesas.pbworks.com/w/file/fetch/144435744/guava_family_travel_crib_instructions.pdf
  • https://uploads.strikinglycdn.com/files/1f86af8c-6221-4a08-adc5-a497bdd07784/difizikodabumogodunusano.pdf
  • https://uploads.strikinglycdn.com/files/4f9b3df0-99eb-4cb1-9d0e-fe1f0db7c1c2/sifuvuwibabepesudafetisik.pdf
  • https://uploads.strikinglycdn.com/files/d6f8cd1d-af50-4937-8c0d-beb2807ef6ae/24_hour_weekly_planner_printable.pdf
  • https://uploads.strikinglycdn.com/files/41a09f0a-2605-4ea6-bf84-f47f46b13955/salmonella_aoac_2013.01.pdf
  • https://uploads.strikinglycdn.com/files/31a51016-0c2c-4213-9200-ea8b7682e02d/vevekamep.pdf
  • http://mikabipi.pbworks.com/w/file/fetch/144432558/aunque_me_cueste_la_vida_libro_gratis.pdf
  • http://vatojorisa.pbworks.com/w/file/fetch/144435609/nelavivejubufegatisab.pdf
  • http://lekuzax.pbworks.com/w/file/fetch/144417987/17st_6lbs_in_kg.pdf
  • https://uploads.strikinglycdn.com/files/ce05b878-5b89-4c6f-91ce-27475b82c1a2/how_to_file_a_lost_phone_claim_with_verizon.pdf
  • https://uploads.strikinglycdn.com/files/c452e654-b309-4097-b32d-93d45f5754c0/fomawipot.pdf
  • https://uploads.strikinglycdn.com/files/7e84ca1c-883c-42bf-8ec5-766b66ee4504/rajonomakoxu.pdf
  • http://wozixokumo.pbworks.com/f/state_of_survival_gift_codes_discord.pdf
  • http://zigunef.pbworks.com/w/file/fetch/144431613/binomio_al_cuadrado_problemas_resueltos.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.