Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jacksth.ru/strik?utm_term=how+to+set+up+cards+against+humanity

  • https://static.s123-cdn-static.com/uploads/4367279/normal_5ffe8560294c8.pdf
  • https://jifofavara.weebly.com/uploads/1/3/4/6/134631997/3332247.pdf
  • https://static.s123-cdn-static.com/uploads/4485572/normal_5feb66b53e859.pdf
  • https://panelaxefejavej.weebly.com/uploads/1/3/5/3/135306159/dukowikebubixo.pdf
  • https://cdn-cms.f-static.net/uploads/4460471/normal_606833a51a6ab.pdf
  • https://nobakunifiximup.weebly.com/uploads/1/3/5/3/135310199/fc1392fd92.pdf
  • https://cdn-cms.f-static.net/uploads/4384037/normal_604062447d3f2.pdf
  • https://static.s123-cdn-static.com/uploads/4373983/normal_5ff8b6b836ac3.pdf
  • https://renixopofofof.weebly.com/uploads/1/3/4/4/134486295/bijopejebib_litasa_worurovez_wifijiluwe.pdf
  • https://lofokuvowuvi.weebly.com/uploads/1/3/4/3/134362742/wutobavogibe.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/0afc2bc2-b0b0-41fc-8691-a19a646239db/wobadekoziduzife.pdf
  • https://uploads.strikinglycdn.com/files/654de308-1406-468e-b689-8400997d90f0/dizixujutinozuzuguvemi.pdf
  • https://59548cc9-d6a6-4b2e-bd73-2bfb7290c7b5.filesusr.com/ugd/3fd21f_6d84711b558543d69bab5e8eabcdc355.pdf?index=true
  • https://uploads.strikinglycdn.com/files/9b70cfab-fe94-42c5-b80b-306ecfdc5fb1/walmart_cash_register_codes.pdf
  • https://uploads.strikinglycdn.com/files/ba9d29cf-b5bd-4a8f-8337-88e3d3d3cc59/how_to_activate_seer_anointing.pdf
  • https://828c6a01-da61-4814-986a-f72e64f4f334.filesusr.com/ugd/cdfdba_aa53f5622763435bb2b5cd3b47580a1b.pdf?index=true
  • https://uploads.strikinglycdn.com/files/4088f0af-4ccb-4893-9b94-fec4378f154f/53242901271.pdf
  • https://uploads.strikinglycdn.com/files/d7ec3b5e-c119-4b41-9c56-a3f6c0998fa6/when_to_visit_disney_world_in_2021.pdf
  • https://uploads.strikinglycdn.com/files/e38864a3-932b-4703-a2b9-48d222106dd8/how_to_update_autocad_2019_to_2020.pdf
  • https://uploads.strikinglycdn.com/files/10ba1ddb-1a7c-4830-b941-50e542225d6a/niv_quest_study_bible_online.pdf
  • https://uploads.strikinglycdn.com/files/7af9ba6b-7108-46ca-aba8-acb4c8f6cdd6/asus_xonar_dgx_sound_card_installing.pdf
  • https://uploads.strikinglycdn.com/files/b2ed2fce-6894-4e16-a463-91da38142472/kejudadi.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.