Malicious PDF — malware analysis report

Static analysis result for SHA-256 8468735ba0bcbbab…

MALICIOUS

PDF

Size: 84.1 KB
Created: 2021-04-30 22:40:08 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-08-25
MD5: 1b9afb0f90ceb32775b56a4d85ab7d0e
SHA-1: 342758bef4974f6d8268524ff867a2140d73f430
SHA-256: 8468735ba0bcbbab8034f9e63785a374553bac1aa2154ff26ae5af8a76a31ea7
Risk Score: 186

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains numerous external links, many hosted on disposable domains, suggesting a link farm designed to redirect users to malicious content. The ClamAV detection and ML classifier strongly indicate malicious intent, likely phishing or malware distribution. The embedded URL `https://maypoin.ru/strik?utm_term=why+is+my+iphone+not+charging+properly` is the primary indicator of the phishing lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9950

Heuristics (6)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Small PDF contains mass external PDF link farm (severity: critical, tag: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Small PDF is a non-clustered link farm on disposable hosting (severity: medium, tag: PDF_SEO_DISPOSABLE_LINK_FARM)
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info, tag: PDF_URI)
    PDF contains an external URL action.
  • Object number defined twice with different bodies (severity: info, tag: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (severity: info, tag: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://maypoin.ru/strik?utm_term=why+is+my+iphone+not+charging+properly (PDF link annotation)
    • https://cdn-cms.f-static.net/uploads/4446773/normal_602b338c55591.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4490524/normal_6058c07f26720.pdf (in PDF document text)
    • http://kojovud.iblogger.org/evenflo_pack_and_play_mattress_size.pdf (in PDF document text)
    • http://nemosixumeki.mypressonline.com/is_altered_carbon_resleeved_after_season_2.pdf (in PDF document text)
    • http://jijoxep.getenjoyment.net/esl_appearance_worksheet.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4482882/normal_605bc01d02270.pdf (in PDF document text)
    • http://wusumomijo.medianewsonline.com/telugu_calendar_2020_november.pdf (in PDF document text)
    • http://vutisonoj.sportsontheweb.net/curso_de_ingles_avanzado.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4501998/normal_6000c57a1b1f9.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • http://www.daltonmaag.com/ (in PDF document text)
    • https://dae57379-2785-4108-a223-4562ecbfc22e.filesusr.com/ugd/87ad98_97bd95e156a14733a1042338ed03297a.pdf?index=true (in PDF document text)
    • https://6ddb26ad-aa8e-4a3e-a925-5cef6fc035e1.filesusr.com/ugd/d3d820_a612ddffa184469e9e0fa462424b0659.pdf?index=true (in PDF document text)
    • https://764dfaed-7091-4b1c-a8ff-ceb5b694923f.filesusr.com/ugd/4bafdb_25f688fdd01a451fbada2b959e701dbf.pdf?index=true (in PDF document text)
    • http://verafewema.rf.gd/43627844424.pdf (in PDF document text)
    • https://107a3552-ed21-4f5d-95e3-510b6eae4444.filesusr.com/ugd/21bbef_54df2106b9fb4703b7880af3e41ecfa3.pdf?index=true (in PDF document text)
    • https://5366dd3f-28a3-4342-b8e5-5bed86455aec.filesusr.com/ugd/a92322_4554eac43bb5421e816e6708a62bc4e8.pdf?index=true (in PDF document text)
    • http://bitenozof.atwebpages.com/81156278069.pdf (in PDF document text)
    • https://591e60e9-54e8-4b06-a9a7-f2e0522969d0.filesusr.com/ugd/1fd4b7_7ef5c81f53044fc4bea80a042db041ef.pdf?index=true (in PDF document text)
    • https://7ef7ebf0-bcb0-4ca2-8538-5a19c3e9f01c.filesusr.com/ugd/aff7ca_c9fcbee3a8cb4a699382734b8f155b49.pdf?index=true (in PDF document text)
    • https://2987c0f4-171e-4473-b3f1-a5468658115b.filesusr.com/ugd/75ff8a_8d1d25159d714afcada05dfe54163c52.pdf?index=true (in PDF document text)
    • https://651f5d5e-5f42-4fb0-8380-889764ca350f.filesusr.com/ugd/b2f7c1_6c592173c29b49229adc5cc05a08670a.pdf?index=true (in PDF document text)
    • http://radulamuwufudez.epizy.com/77700146745.pdf (in PDF document text)
    • http://mupegutiwigo.epizy.com/how_to_read_a_fuse_diagram.pdf (in PDF document text)
    • https://s3.amazonaws.com/rovikibixu/gokitizoji.pdf (in PDF document text)
    • https://s3.amazonaws.com/bokexizometun/70593392207.pdf (in PDF document text)
    • https://s3.amazonaws.com/fizaxo/86132182345.pdf (in PDF document text)
    • https://s3.amazonaws.com/xalexojaxipud/36306439869.pdf (in PDF document text)
    • https://24218389-b518-4ca3-8548-65eaf758daa4.filesusr.com/ugd/c836c3_523e17819ea64d009c9b01d035ba8348.pdf?index=true (in PDF document text)
    • https://s3.amazonaws.com/bagisi/english_to_korean_alphabet_chart.pdf (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename                        Kind             Source                                      Size
font_00_sfnt_off0000fb35.bin    pdf-font-stream  PDF embedded font (sfnt) at offset 0xFB35   5252 bytes
    SHA-256: e3c97751597bdcbc9956b9b1c2d2aa1e22e208df89d6aaa5d4b64f36cafab6dc
font_01_sfnt_off00010ced.bin    pdf-font-stream  PDF embedded font (sfnt) at offset 0x10CED  11108 bytes
    SHA-256: d336b984d098ef8daadbd1251c14886fdee29bf43d6c09e0dbd9b61bdb9890d4
font_02_sfnt_off000132c9.bin    pdf-font-stream  PDF embedded font (sfnt) at offset 0x132C9  4324 bytes
    SHA-256: ff5f0ef16caf3e97cd1984b3a03ea88e11eab8cf63d2ee006085a4b9995833f3