Malicious PDF — malware analysis report

Static analysis result for SHA-256 7467c64329a928f5…

Verdict: MALICIOUS
Type: PDF
Size: 92.0 KB
Created: 2021-03-23 01:20:19 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 59d800ad129d197488bc23ed7e140c2a
SHA-1: de807bac7baa033d2a7f5ca8ac747c5a0b43b93b
SHA-256: 7467c64329a928f54c8078f2bcb7de3a5cd3228439b96288e3535cd8fbe4fb72
Risk score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a large number of external links and is flagged by the PDF_SEO_LINK_FARM heuristic. The primary URL points to a domain associated with SEO link farms, which suggests a campaign that routes users to malicious or ad-laden content. ClamAV also detects the file as Pdf.Phishing.Trojan. No scripts were extracted, but the link structure alone indicates an intent to redirect users. The sample additionally defines one indirect object twice with different bodies (see the heuristics below); because first-wins and last-wins parsers will resolve different content, the file should be inspected with both kinds of reader before either rendering is trusted.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (5)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI [info] PDF_URI
    The PDF contains an external URL action.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content. Check which definition each reader in your environment honours before trusting either rendering.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels show which channel (macro, JS, link annotation, document body, ...) reached each URL. The entries under w3.org, purl.org and ns.adobe.com are XMP metadata namespace identifiers, and scripts.sil.org/OFL is the SIL Open Font License URL; none of these is a clickable link target.
    • https://dafemum.ru/123?utm_term=biographical+sketch+about+yourself+template
    • https://cdn.sqhk.co/soxesemu/VqdicMX/bibasasevonugejisidemuz.pdf
    • http://grusha.space/baxosozitigmthvm.pdf
    • http://paksorond.xyz/indian_history_books_in_kannada_language16bfi.pdf
    • https://satalediveli.weebly.com/uploads/1/3/4/0/134018026/2404822.pdf
    • http://zdorovie-vashe-vse.xyz/33409329297la14f.pdf
    • https://cdn.sqhk.co/zoxinugokas/gifVBau/sebofivunosewomu.pdf
    • https://cdn.sqhk.co/rilixuzewiv/3ja4het/instagram_followers_increase_apk_free.pdf
    • https://topudamix.weebly.com/uploads/1/3/4/5/134581811/tupexubidil_dujowa.pdf
    • https://cdn.sqhk.co/wosipuvetot/jijiicS/break_wall_game_free_download.pdf
    • https://cdn.sqhk.co/bepemuno/gfNVham/zapugilebamebemamixulo.pdf
    • https://cdn.sqhk.co/rubogomuweme/oghgfji/jio_recharge_offer_paytm_399_online.pdf
    • https://cdn.sqhk.co/zopizote/bidiaVc/34578474274.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://www.daltonmaag.com/
    • https://s3.amazonaws.com/baposivarabuj/57564540159.pdf
    • https://uploads.strikinglycdn.com/files/1e79e250-a329-4dae-ac99-c69632c8e6eb/how_much_did_a_loaf_of_bread_cost_in_1980.pdf
    • https://s3.amazonaws.com/kovilowab/fixed_assets_account_on_balance_sheet.pdf
    • https://uploads.strikinglycdn.com/files/7c7f42ac-1ada-4b2f-b0fd-b608c938c8c6/baby_trend_jogging_stroller_replacement_front_wheel.pdf
    • https://s3.amazonaws.com/muwomapotumugi/dashboard_html_bootstrap_templates.pdf
    • https://s3.amazonaws.com/sixenogafopoj/84965733082.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
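To make the two structural heuristics above concrete (PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL), the following Python example is added here; it is not part of the report and not the code of the scanner that produced it. It runs a minimal regex-based scan over a constructed PDF byte string: it collects the URLs reached through /URI link actions (ignoring metadata namespace URLs, which never appear inside a /URI action), clusters them by host to apply a link-farm rule, and finds indirect objects that are defined more than once with differing bodies, reporting what a first-wins and a last-wins reader would each resolve and raising severity only when a duplicate carries active content. The sample document, the hostnames and the thresholds are assumptions chosen for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample (not the analysed file): three /URI link annotations,
# two of them on one host, and object "4 0" defined twice with different
# bodies, the second carrying active content. Hostnames are illustrative.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [5 0 R 6 0 R 7 0 R] >>
endobj
4 0 obj
<< /Length 0 >>
stream
endstream
endobj
5 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.example.test/a/one.pdf) >> >>
endobj
6 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.example.test/b/two.pdf) >> >>
endobj
7 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (http://other.example.test/three.pdf) >> >>
endobj
4 0 obj
<< /S /JavaScript /JS (app.alert(1)) >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# Deliberately simple patterns: enough for well-formed files, not a full lexer
# (no handling of escaped parentheses or object streams).
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA")


def parse_objects(data: bytes) -> dict:
    """Map (number, generation) -> list of body bytes, in file order."""
    objs = {}
    for m in OBJ_RE.finditer(data):
        key = (int(m.group(1)), int(m.group(2)))
        objs.setdefault(key, []).append(m.group(3).strip())
    return objs


def link_uris(data: bytes) -> list:
    """URLs reached through a /URI action only, so XMP namespaces never count."""
    return [u.decode("latin-1") for u in URI_RE.findall(data)]


def link_farm_check(data: bytes, min_links: int = 3, host_share: float = 0.5,
                    max_size: int = 200 * 1024) -> dict:
    """Small file, several clickable external links, mostly on one host."""
    hosts = Counter()
    for u in link_uris(data):
        parts = urlsplit(u)
        if parts.scheme in ("http", "https") and parts.hostname:
            hosts[parts.hostname] += 1
    total = sum(hosts.values())
    if total == 0:
        return {"hit": False, "links": 0, "top_host": None, "share": 0.0}
    top_host, n = hosts.most_common(1)[0]
    share = n / total
    hit = len(data) <= max_size and total >= min_links and share >= host_share
    return {"hit": hit, "links": total, "top_host": top_host, "share": share}


def duplicate_object_check(objs: dict) -> list:
    """Objects defined more than once with differing bodies. Severity is
    raised only when one of the definitions carries active content."""
    findings = []
    for (num, gen), bodies in objs.items():
        if len(set(bodies)) < 2:
            continue  # single definition, or byte-identical repeats
        active = any(k in b for b in bodies for k in ACTIVE_KEYS)
        findings.append({
            "obj": f"{num} {gen}",
            "definitions": len(bodies),
            "first_wins": bodies[0],   # what a first-wins reader resolves
            "last_wins": bodies[-1],   # what a last-wins reader resolves
            "active": active,
            "severity": "critical" if active else "info",
        })
    return findings


if __name__ == "__main__":
    print(link_farm_check(SAMPLE_PDF))
    for f in duplicate_object_check(parse_objects(SAMPLE_PDF)):
        print(f["obj"], f["severity"], "first-wins:", f["first_wins"][:40],
              "last-wins:", f["last_wins"][:40])
```

On a real sample the two checks are complementary: the link-farm rule explains the verdict on this file, while the duplicate-object rule stays at "info" for a benign incremental save and only escalates when the later definition introduces JavaScript, a launch action or a trigger dictionary.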

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename                       Kind             Source                                       Size
font_00_sfnt_off00011c5e.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0x11C5E   5560 bytes
  SHA-256: 1bce697ff19990730a63ad5fcd4f59a42b454c66d9b05a09cf73e56ec3a93c29
font_01_sfnt_off00012f53.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0x12F53   11004 bytes
  SHA-256: 5add5ca0a97feb3b755ab93c22f062b3ed391062601fc62bde1b0ce72d1e9ecf
font_02_sfnt_off000154ba.bin   pdf-font-stream  PDF embedded font (sfnt) at offset 0x154BA   4324 bytes
  SHA-256: 4fcfa7c68d76e23b667942a3ac892d2d5d88346478daafc61479ad4df4af3dd3