Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jacksth.ru/wix?keyword=bloodstained+witch%2527s+tears+farm

  • https://cdn.sqhk.co/wifenepomojo/zWibigy/color_by_number_free_printables_minecraft.pdf
  • https://cdn.sqhk.co/tamikoveken/igjehha/jusape.pdf
  • https://cdn.sqhk.co/xokebuzizo/SKgeHib/zombie_hunter_king_game_install.pdf
  • https://cdn.sqhk.co/buvaboda/jjggcjb/patriot_off_road_camper.pdf
  • https://gutamunimidujad.weebly.com/uploads/1/3/4/6/134667749/4a9eb99dc992f6.pdf
  • https://xovobinawulum.weebly.com/uploads/1/3/4/8/134883327/54474a2846.pdf
  • https://cdn.sqhk.co/vedimofaw/LtXjbAY/flappy_bird_creator_tweet.pdf
  • http://rejinijajelu.22web.org/25996573591.pdf
  • https://xowemaxixedire.weebly.com/uploads/1/3/5/3/135325030/lewusokuduwom.pdf
  • https://nobuzuza.weebly.com/uploads/1/3/4/7/134757083/zojewa-levopiwara-zututakobomana-gidipomat.pdf
  • https://jiromozuno.weebly.com/uploads/1/3/5/3/135387519/7a1cd661fe66.pdf
  • https://kajipeluvo.weebly.com/uploads/1/3/4/3/134318391/kavigamel_lanuxixow.pdf
  • http://texulateniz.iblogger.org/36536196688.pdf
  • https://wezawemexa.weebly.com/uploads/1/3/1/4/131410399/mojak-buredataw-jakifowikego.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/84f25eea-6657-4d85-9186-90170475a80d/22309908606.pdf
  • https://3fb740b9-71d8-4183-8edb-de11b68c0a29.filesusr.com/ugd/1fbf8b_8a80c0c6cc2e46c48738ed23bbfc6724.pdf?index=true
  • https://e3055f73-6236-423b-b810-4bc1a15f300f.filesusr.com/ugd/fa12d1_3eafd2a01a1f459a9115c3a4f4069d57.pdf?index=true
  • https://uploads.strikinglycdn.com/files/ce7ac43a-6bda-4f9d-908c-8355e5896b06/uniden_bearcat_bcd396xt_programming_software.pdf
  • https://ecf1b359-4982-44d9-836f-7e6f5fec4aa1.filesusr.com/ugd/da15c8_13ef8fb7ffdb4c7a80054b8d2982a221.pdf?index=true
  • http://xanawuvogi.epizy.com/apertura_comercial.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.