Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://pelibifir.ru/award?keyword=pdf+to+word+editable+free+online

  • http://wersita.space/38584023056dfkk.pdf
  • http://wersita.space/wabovc5rqy.pdf
  • http://honey-love.ru/kowafuvuzosuragapirixgg74z.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/17035319-afd1-43cf-9305-d1f3aa79f82b/how_much_does_a_scag_tiger_cat_cost.pdf
  • https://uploads.strikinglycdn.com/files/45aa2bf6-56b0-45c7-995d-c3441b077c4b/licensed_aircraft_maintenance_engineer_cv.pdf
  • https://uploads.strikinglycdn.com/files/73f3b43f-a39e-4130-9ef1-f05826144217/dark_souls_2_scholar_of_the_first_sin_bosses.pdf
  • https://uploads.strikinglycdn.com/files/cf526afa-f9c8-41ff-a87a-e433f30ce6c8/jolanibepujami.pdf
  • https://4461694d-a6f7-4a69-895a-ff5ddeb3c622.filesusr.com/ugd/f504fb_c6f435553de1463eab8246899e93373a.pdf?index=true
  • https://uploads.strikinglycdn.com/files/2183be2b-d24b-41ca-91f5-1c0f7f7c84aa/what_happened_in_2000_bc_in_ancient_egypt.pdf
  • https://e46eb8ae-11b5-47af-91b5-79e2db369635.filesusr.com/ugd/f84671_6f648f02fe464bdcbf2b2c9aaaac094f.pdf?index=true
  • https://uploads.strikinglycdn.com/files/4dbef056-9697-4e05-873b-61f648b7f731/22514133803.pdf
  • https://901b9152-9067-49c5-8541-bb90c1a77dfa.filesusr.com/ugd/5d84e8_ca6c2ab964c14178b5dc294bae2f9d5c.pdf?index=true
  • https://ce099f17-eb12-430b-a452-8d789b3ee5a8.filesusr.com/ugd/aef5b7_10adbfe1bb41439b8c6879212b51e4cb.pdf?index=true
  • https://uploads.strikinglycdn.com/files/e17cd1af-5cd2-4d67-bddb-863d46730a90/what_is_fresh_off_the_boat_mean.pdf
  • https://uploads.strikinglycdn.com/files/cb3504f3-ec09-421a-8b6a-a004798a6df0/sisujakepirumofufusok.pdf
  • https://uploads.strikinglycdn.com/files/aa07f377-800d-4b89-8b00-acd4e9ae46fe/what_is_deprivation_of_liberty_definition.pdf
  • https://de99934f-f465-4d69-af5e-14f317c0a7c6.filesusr.com/ugd/4fea5c_88fef3d3ec9248b99de8003989bc7ead.pdf?index=true
  • https://uploads.strikinglycdn.com/files/f80a54a0-f4c2-4c71-af1b-e4ca812d7643/luvezitoxozaduriw.pdf
  • https://16012499-1299-48b0-8cdd-5f23a7749958.filesusr.com/ugd/fafc38_e9fa20df3cfa4001a8a41ef01c2eec3c.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.