Malicious PDF — malware analysis report

Static analysis result for SHA-256 71813314eeae353c…

Verdict: MALICIOUS
File type: PDF
Size: 81.1 KB
Created: 2021-03-30 14:44:15 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: ea9900e1d8e71252a251b0e4d130aae6
SHA-1: 765ef9deac6f273d722c5ebf7f74409d32045d2c
SHA-256: 71813314eeae353c7a48395fb10ba38c042ccfd6b8dc5d5f69ec8e0a24c00142
Risk score: 196

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a large number of external links, most of them to other PDFs hosted on a few file-hosting domains (strikinglycdn.com, s3.amazonaws.com, filesusr.com), which matches a generated link-farm or SEO-manipulation carrier rather than a genuine citation pattern; the wkhtmltopdf producer string is consistent with a file rendered from an HTML template. The document also gives password instructions for an archive, a lure commonly used to keep the real payload encrypted until it has passed gateway scanning. ClamAV matches the file with a phishing-trojan signature (Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0), and the Nyx PDF classifier scores it 0.9998 malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (6)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Password-protected archive handoff [high] SE_PASSWORD_ARCHIVE_LURE
    Document gives password instructions for an archive or attachment, a pattern often used to keep payloads encrypted until after gateway scanning.
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://druttle.ru/strik?utm_term=eos+rebel+xs+1000d+price
    • http://tegotapiw.scienceontheweb.net/mebesowomanizo.pdf
    • http://kamikofonem.mygamesonline.org/easy_guitar_songs_tabs.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/58c1bfa0-2ab0-4d18-aa3b-f5784297db38/vaxoxotiminedimol.pdf
    • https://s3.amazonaws.com/tesodagiwor/pegigipu.pdf
    • https://uploads.strikinglycdn.com/files/422fd73d-787e-4a1f-a9b4-0c08f7f76acb/varejuxisogiwasawevudagel.pdf
    • https://uploads.strikinglycdn.com/files/ff7bbf89-4b84-4f4a-b85a-bc8f9f36832d/why_does_my_usb_keyboard_stop_working.pdf
    • https://s3.amazonaws.com/dudujopixejikug/81740354527.pdf
    • https://s3.amazonaws.com/putelekireza/63907823593.pdf
    • https://s3.amazonaws.com/lerezazo/7548803829.pdf
    • https://uploads.strikinglycdn.com/files/2c540b0f-d434-48ce-af41-83d0cb53a8a0/it_essentials_ite_v6.0__v7.0_chapter_8_exam_answers_100.pdf
    • https://s3.amazonaws.com/minabiwa/colours_bangla_tv_apps.pdf
    • https://uploads.strikinglycdn.com/files/be260c8d-8394-40c7-8569-299f1d48857a/28807734562.pdf
    • https://uploads.strikinglycdn.com/files/53c9a981-243e-4051-949a-73b03fe906cc/netgear_wireless-n_150_router_wnr1000v2_firmware.pdf
    • https://67d298e0-85f4-4ad4-bf36-e1ac857e42fc.filesusr.com/ugd/b6bf5b_bf96dadb0a8b45909b0f1aec4f798251.pdf?index=true
    • https://f6ce3cfb-f922-470c-9e0e-eaf724001b0e.filesusr.com/ugd/defcb2_55256f7b760e49ab8438a2d4d989e792.pdf?index=true
    • https://s3.amazonaws.com/jinabom/4258700476.pdf
    • https://s3.amazonaws.com/sebunuzu/14695841842.pdf
    • https://s3.amazonaws.com/juzowilipi/27827191517.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
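
The two PDF-structure heuristics above, PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, can both be reproduced with a byte-level scan of the file rather than by trusting the xref table, which is exactly what a first-wins or last-wins reader does differently. The following Python is an added example written for this report, not the analysis platform's own code: the minimal uncompressed PDF, the thresholds (200 KB file size, at least two external PDF links, 60 % of them on one host) and the function names are all constructed here.

```python
"""Toy static checks for PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL.
Added example; sample data and thresholds are constructed, not taken from the
analysis platform."""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed, uncompressed, minimal PDF: one page with three link annotations,
# followed by an incremental update that redefines object 4 with a different body.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://s3.amazonaws.com/aaa/1.pdf) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://s3.amazonaws.com/bbb/2.pdf) >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.org/about.html) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://s3.amazonaws.com/ccc/3.pdf) >> >> endobj
trailer << /Root 1 0 R /Prev 0 >>
%%EOF
"""

# "N G obj ... endobj" in file order; re.S lets bodies span lines.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
# Literal-string /URI targets only; escaped parentheses are not handled here.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def iter_objects(data):
    """Yield ((num, gen), body) for every object definition in the file.

    Scanning bytes instead of following the xref table is deliberate: it sees
    every definition, whereas a reader resolves exactly one copy per object."""
    for m in OBJ_RE.finditer(data):
        yield (int(m.group(1)), int(m.group(2))), m.group(3).strip()


def duplicate_objects(data):
    """Object ids defined more than once with differing bodies, together with
    the body a first-wins reader and a last-wins reader would each resolve."""
    seen = {}
    for key, body in iter_objects(data):
        seen.setdefault(key, []).append(body)
    return {
        key: {"count": len(bodies), "first_wins": bodies[0], "last_wins": bodies[-1]}
        for key, bodies in seen.items()
        if len(set(bodies)) > 1
    }


def external_pdf_links(data):
    """All /URI action targets whose URL path ends in .pdf."""
    urls = [m.group(1).decode("latin-1") for m in URI_RE.finditer(data)]
    return [u for u in urls if urlparse(u).path.lower().endswith(".pdf")]


def link_farm_verdict(data, max_size=200_000, min_links=2, min_share=0.6):
    """PDF_SEO_LINK_FARM shape: small file, several external PDF links, most of
    them clustered on one host. Thresholds are illustrative assumptions."""
    links = external_pdf_links(data)
    if len(data) > max_size or len(links) < min_links:
        return {"hit": False, "links": len(links), "top_host": None, "share": 0.0}
    hosts = Counter(urlparse(u).netloc.lower() for u in links)
    host, n = hosts.most_common(1)[0]
    share = n / len(links)
    return {"hit": share >= min_share, "links": len(links), "top_host": host, "share": share}


if __name__ == "__main__":
    print(link_farm_verdict(SAMPLE_PDF))
    for key, info in duplicate_objects(SAMPLE_PDF).items():
        print(key, "defined", info["count"], "times")
        print("  first-wins:", info["first_wins"])
        print("  last-wins: ", info["last_wins"])
```

On the constructed sample, the verdict is a hit (three external PDF links, all on s3.amazonaws.com) and object 4 0 is reported twice with two different /URI targets, so a first-wins reader would follow aaa/1.pdf and a last-wins reader ccc/3.pdf. Against the real file, the same scan would need to inflate FlateDecode streams first, since link annotations and strings inside object streams are not visible to a raw regex.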

Extracted artifacts (3)

Files carved from inside the sample during analysis.

font_00_sfnt_off0000ec11.bin
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0xEC11
  Size:    4572 bytes
  SHA-256: 18b49b3fc69881cbafe63bb8ace801b025dfae77d65e5702a0e78b58ea12d7e8

font_01_sfnt_off0000fc21.bin
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0xFC21
  Size:    5216 bytes
  SHA-256: dd53944fdb0c2b1623249172f7102196cee75f64ccb46274f9a1ff75b0a2d68e

font_02_sfnt_off00010df3.bin
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0x10DF3
  Size:    11692 bytes
  SHA-256: 899254641f12206dbfd2ea0216ef7d18ce0b5c1dbadc41fa4706be06d653d944