Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jacksth.ru/strik?utm_term=how+to+turn+on+skullcandy+push

  • http://vir-tus.com/moon_river_chords_ukulele3g0zy.pdf
  • http://watercart.ru/jatewilaxfq5b.pdf
  • http://kasyanbeauty.com/dias_feriados_de_marzo_2020_republica_dominicanacp743.pdf
  • http://migerov.xyz/63819570457kcnb4.pdf
  • http://wiregabjuk.fun/chromebook_nintendo_ds_emulatorax0yd.pdf
  • http://dreamingdeveloper.com/lafubefajavisax2h52.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/fuwuzerijofa/72265764830.pdf
  • https://883cd1dc-02d0-4059-8fa2-99201f92b631.filesusr.com/ugd/6166c9_75ad338d26e748e2b81272a8b1b28ebb.pdf?index=true
  • https://s3.amazonaws.com/telasebisu/wetinapanesusevafezijife.pdf
  • https://849bdae7-2456-4570-9e2a-fc769e7e49ad.filesusr.com/ugd/2074c9_411dc73a187d46a2b6c5786f9426d51a.pdf?index=true
  • https://uploads.strikinglycdn.com/files/e84a8b5c-9f82-41c1-b901-ee8e0d796c0b/2230718035.pdf
  • https://s3.amazonaws.com/tuxutedi/all_guitar_chords_finger_placement.pdf
  • https://2acf176d-1645-44e4-83be-c67f7ac9af6b.filesusr.com/ugd/e72dd6_af8a57ac2f484536883af615fb225a28.pdf?index=true
  • https://uploads.strikinglycdn.com/files/7103e767-a278-4da3-9a8c-109b88e56f6b/how_to_set_up_danby_50_pint_dehumidifier.pdf
  • https://uploads.strikinglycdn.com/files/3dc55cb8-b422-4199-bf61-e01c3438862b/oxford_picture_dictionary_third_edition_english_arabic_dictionary.pdf
  • https://uploads.strikinglycdn.com/files/53ed5a3d-47a8-4761-9c57-39e43d8485c2/pacific_hydrostar_pressure_washer_98444_parts.pdf
  • https://uploads.strikinglycdn.com/files/2c053563-9723-4d06-973d-0d8ffa9c67f1/how_many_discs_will_ff7_remake_be.pdf
  • https://uploads.strikinglycdn.com/files/db5ba22d-441f-4fad-abf3-247416e3fd9e/9605575492.pdf
  • https://uploads.strikinglycdn.com/files/b577b3d2-bdc7-478c-82aa-dea367fe880c/the_upside_of_stress_citation.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.