Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://crophysi.ru/strik?utm_term=que+son+las+entra%25C3%25B1as+de+un+ser+humano

  • https://static.s123-cdn-static.com/uploads/4446259/normal_5fff356e6820a.pdf
  • https://cdn-cms.f-static.net/uploads/4421637/normal_60582dea63cea.pdf
  • https://vowebaxuzifov.weebly.com/uploads/1/3/0/7/130738870/nemaxebo_nazilituvaruge_lerikefilegodiv.pdf
  • https://cdn-cms.f-static.net/uploads/4408589/normal_6041cf100aa6a.pdf
  • https://cdn-cms.f-static.net/uploads/4502906/normal_606b869a62fd7.pdf
  • https://static.s123-cdn-static.com/uploads/4419003/normal_5ffb422841766.pdf
  • https://cdn-cms.f-static.net/uploads/4368999/normal_603c4b6ed20f7.pdf
  • https://cdn-cms.f-static.net/uploads/4383704/normal_605485c151343.pdf
  • https://static.s123-cdn-static.com/uploads/4370555/normal_5fe0a5779a6b1.pdf
  • https://cdn-cms.f-static.net/uploads/4496225/normal_605d5c6444ae2.pdf
  • https://tajirokobi.weebly.com/uploads/1/3/4/9/134901714/808dd0cb.pdf
  • https://nanukofufo.weebly.com/uploads/1/3/7/5/137516761/xejenopuzopebige.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/a9b55327-b38e-4bdc-81b9-8ee4c099539c/1887475761.pdf
  • https://uploads.strikinglycdn.com/files/9eb7062e-b3a3-4336-a0d0-52c6b29e2883/where_is_the_app_store_on_my_apple_tv_3rd_generation.pdf
  • https://uploads.strikinglycdn.com/files/38da25af-742b-48bc-a088-5e10f6d65924/brinkmann_gourmet_electric_smoker_and_grill.pdf
  • https://uploads.strikinglycdn.com/files/4aab88a5-7632-44b7-80de-95db65ddcd27/is_the_spy_museum_in_washington_dc_open.pdf
  • https://uploads.strikinglycdn.com/files/0e61e693-2776-413c-91ea-aba9081aa7ef/metutulufefidilod.pdf
  • https://uploads.strikinglycdn.com/files/21e8dd5d-5984-4e3b-93d9-d644f92abac8/the_religion_of_islam_by_maulana_muhammad_ali_printed_by_national_publication_house_1960.pdf
  • https://uploads.strikinglycdn.com/files/2008ee1c-b91c-4388-b21a-7eb83284cfcc/70076822992.pdf
  • https://uploads.strikinglycdn.com/files/eb4d0136-451e-4747-8d91-bffc739dfabf/45666832943.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.