Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://zajinet.ru/wix?keyword=eligibility+manual+for+school+meals+2020

  • http://sayseedokg.com/cfa_level_1_practice_questions20oiu.pdf
  • https://vugilove.weebly.com/uploads/1/3/4/2/134234765/7941482.pdf
  • https://raguwagoneneza.weebly.com/uploads/1/3/1/3/131384547/339776.pdf
  • http://it50life.pro/download_drag_sim_2018_mod_apklb98z.pdf
  • https://devudupaf.weebly.com/uploads/1/3/4/8/134880603/8da0033.pdf
  • https://wirolarem.weebly.com/uploads/1/3/1/6/131636642/435633.pdf
  • https://vomimefime.weebly.com/uploads/1/3/5/3/135316042/xolapagogama.pdf
  • https://menolalosixoj.weebly.com/uploads/1/3/4/7/134714047/sagum.pdf
  • https://vowufesoval.weebly.com/uploads/1/3/4/8/134885018/sonaxowexinoz.pdf
  • http://vorecan.fun/fagilibiwovikoj1u9n.pdf
  • https://foxejakepi.weebly.com/uploads/1/3/0/8/130874264/9746308.pdf
  • https://nobakunifiximup.weebly.com/uploads/1/3/5/3/135310199/e3bb92521.pdf
  • https://bifimazetaxa.weebly.com/uploads/1/3/5/3/135326975/09d55379745b9c3.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://0926596c-b1e6-4473-87d6-fed2e709bfeb.filesusr.com/ugd/e2a635_a50933d03d0d4c7ea2c63f27992a5a92.pdf?index=true
  • https://s3.amazonaws.com/tigovatolis/75046649539.pdf
  • https://s3.amazonaws.com/limewub/web_browser_history_on_android_phone.pdf
  • https://98be45bc-63b9-4117-aff7-84a3d4f2c4a0.filesusr.com/ugd/90c678_12205ac98561473b9a64e1b096d179fc.pdf?index=true
  • https://s3.amazonaws.com/sebunuzu/43729563543.pdf
  • https://s3.amazonaws.com/jebokizez/cdc_healthcare_associated_infections_progress_report.pdf
  • https://s3.amazonaws.com/jasadavebaga/zilipiviriz.pdf
  • https://s3.amazonaws.com/jojitagifuva/2d_animation_programs_android.pdf
  • https://s3.amazonaws.com/xukanomarexumu/nedexuvuji.pdf
  • https://19a39513-20cc-49d1-a75c-e30ce0314142.filesusr.com/ugd/f99735_32f85ca0ca3f4a949d77c4a1f96eb0d3.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License

Open this report in the interactive analyzer, or submit your own file for analysis.