Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://traffine.ru/aws?utm_term=lead+acid+battery+charging+circuit+pdf

  • https://cdn-cms.f-static.net/uploads/4383680/normal_5fbb1dbd7ea34.pdf
  • https://peledinupuw.weebly.com/uploads/1/3/4/5/134508745/2101004.pdf
  • https://cdn-cms.f-static.net/uploads/4370059/normal_5f9530adc2e63.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/efcc31de-88c7-452f-bb70-84e536dcd4c7/36156121646.pdf
  • https://uploads.strikinglycdn.com/files/34755247-0d07-4fe6-ba6e-b97fdfd0afcd/belapewuvotavikut.pdf
  • https://uploads.strikinglycdn.com/files/852467e5-a7aa-45dc-8ec1-3baab9771932/classification_of_reactions_worksheet.pdf
  • https://uploads.strikinglycdn.com/files/ac71a13e-c504-4893-810b-561373ee71e4/5682677374.pdf
  • https://s3.amazonaws.com/tetazino/cara_belajar_bahasa_thailand.pdf
  • https://uploads.strikinglycdn.com/files/2f70c9fe-6781-4f4f-a059-b20e95320ef5/53199458913.pdf
  • https://uploads.strikinglycdn.com/files/0eadd141-a19d-4b8c-872c-62324b713d5c/dawijoba.pdf
  • https://uploads.strikinglycdn.com/files/51108c95-d0c6-49bd-adc1-5c7673e9a436/34091294655.pdf
  • https://uploads.strikinglycdn.com/files/089c9532-a75e-43f4-bb3f-0af54ad11e56/cse_20_ucsc.pdf
  • https://uploads.strikinglycdn.com/files/2e12e8cb-41ec-44d6-9667-6719620cd54f/kesemozoviro.pdf
  • https://uploads.strikinglycdn.com/files/6d85c775-c8d9-4e49-900a-1eadb4a64900/atlas_de_histologia_humana.pdf
  • https://uploads.strikinglycdn.com/files/1e3dfa36-4912-403e-b221-67724b1361da/south_carlsbad_state_beach_campground_map.pdf
  • https://uploads.strikinglycdn.com/files/346d6cd3-e5e5-45f1-952f-ba0f934c9c75/73889001950.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.