Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://mezovuduw.ru/wix?keyword=air+assault+sling+load+study+guide

  • https://kuzogirig.weebly.com/uploads/1/3/4/7/134748708/fuduweluzesexa_gawonebumak_malokaturi_vodek.pdf
  • https://static.s123-cdn-static.com/uploads/4462982/normal_5fc6fb044dbf9.pdf
  • https://static.s123-cdn-static.com/uploads/4471948/normal_5fefaa731b146.pdf
  • https://cdn.sqhk.co/pibilebomek/GX6jhge/bunudabagizofi.pdf
  • https://static.s123-cdn-static.com/uploads/4497358/normal_5fd04e917435c.pdf
  • https://jofanota.weebly.com/uploads/1/3/2/3/132302765/9614363.pdf
  • https://somubafe.weebly.com/uploads/1/3/4/4/134444697/8727161.pdf
  • https://zivexuxa.weebly.com/uploads/1/3/1/8/131871677/4784200.pdf
  • https://cdn-cms.f-static.net/uploads/4414515/normal_5fdc0284d2097.pdf
  • https://cdn-cms.f-static.net/uploads/4424982/normal_601c8706017d7.pdf
  • https://gefivogixofix.weebly.com/uploads/1/3/0/9/130969648/2e6e432fbb8e5.pdf
  • https://bexenexitefixu.weebly.com/uploads/1/3/4/7/134725849/646f7.pdf
  • https://tejojixamabaje.weebly.com/uploads/1/3/2/7/132740549/fusak-sokiji-xezoz.pdf
  • https://cdn.sqhk.co/bexutavukaro/ifnjfgc/free_one_page_business_plan_template_uk.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://9764c975-acb6-4bd5-a3ff-b1f4624bc9bc.filesusr.com/ugd/5bcb7b_533c15ca564345c2ad758d8c6a2a0603.pdf?index=true
  • https://uploads.strikinglycdn.com/files/64d0e35b-cfa8-45c8-a7d8-80385fa47eed/loraf.pdf
  • https://b01cffea-7a05-49e8-9781-04202a21c04b.filesusr.com/ugd/d5d855_e5f87065906949bd8657fe001b5d8057.pdf?index=true
  • https://91ca87c2-c493-4616-adaa-fbcec45394e1.filesusr.com/ugd/6116da_f8fa27f51ae34588a4723ff40d59e33d.pdf?index=true
  • https://uploads.strikinglycdn.com/files/2a9b600a-bdcf-43ce-bd98-abdb8ec9923b/tv_samsung_ue_55_js8500.pdf
  • https://ebc1add8-0b9d-418e-9e4a-1e287827e933.filesusr.com/ugd/ab63e3_4cefcc76d01c4fb69bd10c9dbd588cd9.pdf?index=true
  • https://uploads.strikinglycdn.com/files/b4f8185c-40e2-4356-ba7f-8a8f2f51223a/how_to_connect_jaybird_freedom.pdf
  • https://a1d3e036-d9a1-4be1-9d2f-eedbb581cb22.filesusr.com/ugd/3ce946_f3e060f75087440aaf7d1fb478e0b7f9.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.