Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://huntic.ru/pbw?utm_term=nintendo+ds+emulator+pokemon

  • https://static.s123-cdn-static.com/uploads/4462727/normal_5fcaa3f8a498c.pdf
  • https://bufoteno.weebly.com/uploads/1/3/4/8/134851237/5701038.pdf
  • https://static.s123-cdn-static.com/uploads/4369802/normal_600044a79b66f.pdf
  • https://tipiridevozono.weebly.com/uploads/1/3/4/3/134349557/wevififujogozu.pdf
  • https://cdn-cms.f-static.net/uploads/4420250/normal_60bd4b1a8f0c6.pdf
  • https://static.s123-cdn-static.com/uploads/4378170/normal_5fcbebcfbe5b6.pdf
  • https://daxozeke.weebly.com/uploads/1/3/4/3/134322415/5050820.pdf
  • https://fadowika.weebly.com/uploads/1/3/4/8/134847716/301e3e336da.pdf
  • https://bifitulodagox.weebly.com/uploads/1/3/6/0/136081839/13d51fc8e19c.pdf
  • https://rusakubasarozu.weebly.com/uploads/1/3/4/2/134266120/gowapubugutigu.pdf
  • https://xesupolapiban.weebly.com/uploads/1/3/4/5/134586318/zozuvidujatewes-vemefan.pdf
  • https://saferuwakuzav.weebly.com/uploads/1/3/4/6/134688645/2193710.pdf
  • https://cdn-cms.f-static.net/uploads/4372105/normal_603d13a80587d.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/3252d39c-b58d-43ec-999b-c46f2522d8da/income_statement_example_problems_with_solutions.pdf
  • https://uploads.strikinglycdn.com/files/470287b4-3738-408e-9983-f063873020d6/sonru_bluetooth_5.0_transmitter_receiver_user_manual.pdf
  • http://sisiwovad.pbworks.com/w/file/fetch/145116822/espiritu_de_lascivia_en_la_biblia.pdf
  • https://uploads.strikinglycdn.com/files/72466869-aea2-461f-90c4-84a53c620c52/casio_gw-500a_replacement_band.pdf
  • https://uploads.strikinglycdn.com/files/54292642-15d6-4f24-8d74-a71d67380cee/singer_sewing_machine_model_533_parts.pdf
  • http://wenitat.pbworks.com/w/file/fetch/144874749/reduce_size_online_free_below_100kb__50____Low__2.pdf
  • https://uploads.strikinglycdn.com/files/39fc282c-9623-4ffa-88b4-507f5afeec84/53506397348.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.