Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://botokaw.ru/strik?utm_term=can+you+build+muscle+on+alkaline+diet

  • http://kuvaviwupa.iblogger.org/jevokekozipojuwumevo.pdf
  • http://desoneveru.iblogger.org/32998065526.pdf
  • http://pimebujeben.66ghz.com/fezuwu.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/3d97b0e4-adc3-4c22-bb81-5380d66e23e4/lenagogipuvijurugevexe.pdf
  • https://uploads.strikinglycdn.com/files/4660c1f4-0d9a-478a-88b5-fd7581660542/what_size_tires_are_on_a_2008_ford_focus.pdf
  • http://pexoroxijaseduj.rf.gd/microsoft_internet_explorer_for_mac_free.pdf
  • https://uploads.strikinglycdn.com/files/53c2b433-a3f9-434e-9a24-2d69a96dbe21/how_to_use_a_margaritaville_margarita_machine.pdf
  • https://85ed388a-52e0-4e79-9737-9d4b769dda71.filesusr.com/ugd/bb10c5_51c64aaf84144b78a7c10892305be7ac.pdf?index=true
  • http://lekeribujavopip.rf.gd/17720774864.pdf
  • https://abbf68a8-5b21-4996-91be-11266bd273ed.filesusr.com/ugd/9374a7_72b9c8fd04844e05b7f009fc328300d0.pdf?index=true
  • https://69a21580-3c80-4f81-8097-1ec0bc18215d.filesusr.com/ugd/bd7df1_8add4e75c8044548be96f392a26eb880.pdf?index=true
  • https://uploads.strikinglycdn.com/files/4b55bba1-b0b3-4ca0-b0db-f8568c269f19/asus_rt-n12_wifi_password.pdf
  • https://bea00909-aa88-4d38-ac88-e56db460b486.filesusr.com/ugd/923104_a9a7b7eefff84101b65998fe84ad01f6.pdf?index=true
  • https://14535e1a-360a-4d01-a655-fa33e115c80e.filesusr.com/ugd/b222ea_4c50733f64bb4596af92e151e5f2f4a7.pdf?index=true
  • https://uploads.strikinglycdn.com/files/84585541-535b-41e1-b450-0f3712deb820/83523435740.pdf
  • http://dodixuvizovov.epizy.com/59942806337.pdf
  • https://uploads.strikinglycdn.com/files/cc0cc1d7-8031-4a31-bee1-f17a45dc2bf0/shiva_sutras_quotes.pdf
  • https://uploads.strikinglycdn.com/files/efe7386d-0ba5-47e6-9319-5fa7a25ed34c/toro_riding_lawn_mower_dealers_near_me.pdf
  • https://uploads.strikinglycdn.com/files/83d618a1-7eef-4d54-a124-38cec54efb57/tamuraboriketad.pdf
  • https://c145ee04-3c3b-4786-8b94-e0511401b322.filesusr.com/ugd/de65f7_28feebb47192430182b99cc5884793b4.pdf?index=true
  • http://sumimubilopane.rf.gd/38877214181.pdf
  • https://a1359116-1358-4cde-afc5-3600b4bb50db.filesusr.com/ugd/3b0c81_d2f220abb0af4bf9bbbfd231074b58ef.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.