Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://lozipotod.ru/strik?utm_term=what+is+the+role+of+a+health+and+safety+committee+%2528100%25E2%2580%2594125+words%2529 PDF link annotation

  • https://cdn.sqhk.co/nupegefozub/Vijghhe/gutuxonimeranu.pdfIn PDF document text
  • https://cdn.sqhk.co/boxokozofe/UoXG4kX/durelisenidefofaxifivo.pdfIn PDF document text
  • https://cdn.sqhk.co/giravopakiw/ibgcEjb/diy_ideas_for_home_storage.pdfIn PDF document text
  • https://cdn.sqhk.co/tenalewi/kiihgWD/vodafone_yan_mda_cark_cevirme_neden_yok.pdfIn PDF document text
  • http://padlamadla.site/what_do_i_need_to_get_a_new_drivers_license_in_ncliw9z.pdfIn PDF document text
  • http://reflectionss.space/personal_statement_for_medical_school_exampleskdcba.pdfIn PDF document text
  • https://cdn.sqhk.co/paparidew/jaYjbXC/nails_for_u_dubuque.pdfIn PDF document text
  • http://www19216801.site/sago_mini_ocean_swimmer_app1hh3d.pdfIn PDF document text
  • https://cdn.sqhk.co/gowexenopa/Psihie9/bollywood_instrumental_ringtone_download_for_android.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://www.daltonmaag.com/In PDF document text
  • https://72cdfa97-b5fe-44cc-9aa9-3142b5aa642a.filesusr.com/ugd/ee32c9_104e1d887ea7425da8855a9a83d8245d.pdf?index=trueIn PDF document text
  • https://f904ef53-caa1-4f0f-8a97-c50675c03ece.filesusr.com/ugd/2f8cea_b9026451a54341d3ad91b36de7febb57.pdf?index=trueIn PDF document text
  • https://fefcf4f0-bf52-4086-adb3-b788df03f7bd.filesusr.com/ugd/da9d4c_f3ae5fba0cf54f479bc389b5ff261102.pdf?index=trueIn PDF document text
  • https://e50eee24-2d95-422d-8083-6f618d95927b.filesusr.com/ugd/594ae5_ca83b89a6ba74fcb95089cc5c1b91723.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/a681877f-8066-4cb8-8cbd-149b918ebc43/competency_based_questions_for_a_manager_role.pdfIn PDF document text
  • https://73f4d879-981c-49fe-abc7-520f36a14a84.filesusr.com/ugd/b77b08_90a50e7e77c14a8daf5cfa84a27fd1ed.pdf?index=trueIn PDF document text
  • https://6bfd3344-23d3-4e03-ab7d-00c1c23eecf6.filesusr.com/ugd/be19e1_8608ae34767845e59776986bfb678a63.pdf?index=trueIn PDF document text
  • https://3e80c8bf-0031-4ca1-bfa9-4484641fefed.filesusr.com/ugd/08103e_c05a2f554cfa49679d0078a9dbc829c6.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/65cb140a-6639-4574-acda-58305f93cfab/world_map_with_political_divisions_and_names.pdfIn PDF document text
  • https://9fb0fece-6c2a-4f8b-8ff1-5d9ea67f5ee7.filesusr.com/ugd/f6a907_1e9f3206e6034a908fdbd26e75e09d48.pdf?index=trueIn PDF document text
  • https://05b56818-8b0b-4484-a411-4f1234233f1c.filesusr.com/ugd/e49726_c5c13671fa724f57a0c2b4173bb856d3.pdf?index=trueIn PDF document text
  • https://1cbf0fd9-62af-4102-a3dc-982f361539e7.filesusr.com/ugd/bfbc46_bd1a348f477c4cb4bcf0eda333e70d62.pdf?index=trueIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.