Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://leonvi.ru/123?utm_term=gfx+after+effects+projects+free

  • https://cdn-cms.f-static.net/uploads/4391305/normal_6041fcf8c2648.pdf
  • https://cdn-cms.f-static.net/uploads/4480414/normal_5fd6a0830b6ac.pdf
  • https://namunoxup.weebly.com/uploads/1/3/5/3/135339392/2390232.pdf
  • https://vuzitiruf.weebly.com/uploads/1/3/2/8/132814505/dupubuxoxukawu-zakobapom.pdf
  • https://xoxovumalojiru.weebly.com/uploads/1/3/0/8/130874224/xarinoneb.pdf
  • https://mizededul.weebly.com/uploads/1/3/4/0/134040812/5883518.pdf
  • https://static.s123-cdn-static.com/uploads/4367275/normal_5fece7ad7aee2.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/d10c866b-cc7a-4031-9632-c9be1458a9a2/duloxaguxoputekunej.pdf
  • https://uploads.strikinglycdn.com/files/a12ac4c5-d28d-4e63-b4ef-7749bb3247ae/xefesane.pdf
  • https://uploads.strikinglycdn.com/files/d1f442ff-6914-49ad-86c4-1620e2856706/24419529378.pdf
  • https://uploads.strikinglycdn.com/files/83f022b8-d864-42e4-8977-a1598e788c8d/radio_silence_books.pdf
  • https://uploads.strikinglycdn.com/files/52e6920b-95a5-41e6-b394-e926b9de3f6b/bmw_e90_how_to_reset_oil_service.pdf
  • https://uploads.strikinglycdn.com/files/8041a904-2000-4ce3-8a42-88730b9bf8ec/negative_emotions_list.pdf
  • https://uploads.strikinglycdn.com/files/5bd3b936-68aa-4c92-84e8-6c26651bb1b8/zimipepeli.pdf
  • https://uploads.strikinglycdn.com/files/fffd9317-8b3b-43be-b5da-f690bc6f82d8/71867456777.pdf
  • https://uploads.strikinglycdn.com/files/2e5a9d25-a280-464c-86f6-f2e22303393a/baby_einstein_sea_and_discover_door_jumper_recall.pdf
  • https://uploads.strikinglycdn.com/files/bae6167f-f7a8-4bff-979b-61de5ede4250/midemixujevatokubovezuz.pdf
  • https://uploads.strikinglycdn.com/files/2af5810e-fec1-40f6-a935-af17371b5aff/how_long_does_a_one_touch_ultra_mini_meter_last.pdf
  • https://uploads.strikinglycdn.com/files/f1169f3e-d19e-4153-9533-1ca50e05d8b2/whitfield_pellet_stove_owners_manual.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.