Malicious PDF — malware analysis report

Static analysis result for SHA-256 85494350a94f6c7c…

Verdict: MALICIOUS
File type: PDF
Size: 73.2 KB
Created: 2021-03-28 17:46:34 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: ca57d6a0573571d8cc0cc974f6f8df3b
SHA-1: ec01166c131c6b51c302d82a45c5cce39de4b2be
SHA-256: 85494350a94f6c7cc438fab05a55162413e09e89703ca8d46be50f1196db39c2
Risk score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

Both the ML classifier and ClamAV flag this PDF as malicious, with ClamAV's signature naming it a phishing trojan. The file carries a large number of clickable external links; the most prominent points to 'fokemale.ru' with a query string that echoes a search phrase, consistent with an SEO-poisoning carrier that routes readers to a malicious or unwanted-software site. The document body, although heavily obfuscated, contains text about 'Charlie and the Chocolate Factory' that matches that search phrase and serves as the lure. The producer string (wkhtmltopdf, an HTML-to-PDF converter) is consistent with a templated, mass-generated document of this kind rather than an authored report.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (5)

  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [critical] CLAMAV_DETECTION: ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • [info] PDF_URI: External URI
    PDF contains an external URL action.
  • [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: Object number defined twice with different bodies
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A reader that honours the first definition and one that honours the last resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content (for example a JavaScript or Launch action); the info rating here means the duplicate was not judged to carry any.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://fokemale.ru/aws?utm_term=charlie+and+the+chocolate+factory+squirrels+behind+the+scenes
    • https://tizevilujiv.weebly.com/uploads/1/3/1/4/131406709/438058.pdf
    • https://lojejibat.weebly.com/uploads/1/3/4/8/134861033/5f381210ede.pdf
    • http://jubogori.iblogger.org/multiplication_word_problems_worksheets_grade_5.pdf
    • https://wopirizebopate.weebly.com/uploads/1/3/1/4/131452778/9099649.pdf
    • http://bagadiwep.22web.org/ada_2020_espaol.pdf
    • https://lomizagufefeg.weebly.com/uploads/1/3/4/0/134096038/fa4ce69d68681.pdf
    • https://pawonojureva.weebly.com/uploads/1/3/4/5/134522231/42c2d204a9.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://ragigixo.epizy.com/87803242102.pdf
    • https://a3cd4400-5fdc-4e6a-bda8-88556a2d4d1f.filesusr.com/ugd/2f7489_70cd7cfa8be349a3a1cecf82ad1a0720.pdf?index=true
    • https://s3.amazonaws.com/widofafane/dajelexepudogaguximu.pdf
    • https://uploads.strikinglycdn.com/files/3aa1388a-e45b-4c06-b148-ca673df2efbe/37870518107.pdf
    • https://s3.amazonaws.com/dubiditiginowo/how_much_do_car_mechanics_make_in_canada.pdf
    • https://s3.amazonaws.com/jusuberu/1007324006.pdf
    • https://s3.amazonaws.com/wisuw/walefukipe.pdf
    • https://s3.amazonaws.com/rikolesafuwofar/13250623820.pdf
    • https://uploads.strikinglycdn.com/files/a96a36cf-e0c8-4e86-8d6c-386bfc82319c/the_coldest_city_in_the_world_now.pdf
    • https://s3.amazonaws.com/dapekufoxiraku/83576017666.pdf
    • https://uploads.strikinglycdn.com/files/acc152d1-76e8-4372-86a9-cfab10c6d0f3/shell_script_read_environment_variable_from_file.pdf
    • https://9e7b01ce-91ce-414a-93c5-ade8df4b7359.filesusr.com/ugd/cfbfd2_32c4e50352cc44c0baaad599673610a5.pdf?index=true
    • http://betizig.epizy.com/58633581144.pdf
    • https://uploads.strikinglycdn.com/files/0a0adf4d-b428-4113-8239-71fce0fae5ac/5e_character_sheet_google_doc.pdf
    • https://uploads.strikinglycdn.com/files/86732e44-9b4c-4fcc-939c-51af0083e5e5/zufesubovejabed.pdf
    • https://s3.amazonaws.com/musoxifuvitalo/jeriginugadasunesiza.pdf
    • https://s3.amazonaws.com/woberiz/7794329446.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    The last seven entries are not navigable links and should not be turned into indicators: the w3.org, purl.org and ns.adobe.com URIs are RDF/XMP namespace identifiers from the document's metadata packet, and scripts.sil.org/OFL is the SIL Open Font License URL that OFL-licensed fonts carry in their licence field, almost certainly from one of the embedded fonts listed under Extracted artifacts. The two ascendercorp.com URLs are likewise a font vendor's website, the kind of value found in the vendor and designer URL fields of an embedded font's name table, not a destination the document sends the reader to.
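The PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL heuristics above can be reproduced over raw PDF bytes. The following is an added example, not the analysis platform's detector and not code from this report: it scans every `N G obj ... endobj` definition in file order (so stale definitions an xref-driven reader would skip are still seen), reports objects redefined with different bodies together with what a first-wins and a last-wins reader would resolve, raises severity only when a body carries active content, and scores link-annotation URIs by host clustering. The sample PDF is constructed for the demo (no xref table), and the size, link-count and host-share thresholds are assumptions, not the report's tuning.

```python
"""Added example: two of the report's heuristics re-implemented over raw PDF bytes.
Illustrative code, not the analysis platform's detector. The object scanner is a
plain regex, not a full PDF parser (object streams and streams containing the
word 'endobj' are not handled)."""
import hashlib
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample (not the report's file): four /Link annotations, three of
# them on one host, plus an incremental update that redefines object 5 0 with
# a JavaScript action in place of the original /URI action.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R 7 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://fokemale.ru/aws?utm_term=a) >> >>
endobj
5 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://fokemale.ru/aws?utm_term=b) >> >>
endobj
6 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://fokemale.ru/aws?utm_term=c) >> >>
endobj
7 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.net/x.pdf) >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
5 0 obj
<< /Type /Annot /Subtype /Link /A << /S /JavaScript /JS (app.alert(1)) >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

OBJ_RE = re.compile(rb"(?<!\d)(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")  # literal-string URIs only
ACTIVE_RE = re.compile(rb"/(?:JavaScript|JS|Launch|OpenAction|AA|EmbeddedFile|RichMedia)\b")


def enumerate_objects(pdf):
    """Yield (num, gen, body, offset) for every 'N G obj ... endobj' in file order.
    Every definition is reported, including stale ones an xref-driven reader skips."""
    for m in OBJ_RE.finditer(pdf):
        yield int(m.group(1)), int(m.group(2)), m.group(3).strip(), m.start()


def find_duplicate_bodies(pdf):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: same (N, G) defined more than once with
    different bytes. Records what a first-wins and a last-wins reader would see and
    raises severity only when any version carries active content."""
    defs = {}
    for num, gen, body, off in enumerate_objects(pdf):
        defs.setdefault((num, gen), []).append((off, body))
    findings = []
    for key, versions in defs.items():
        if len({hashlib.sha256(b).digest() for _, b in versions}) < 2:
            continue  # not redefined, or redefined with identical bytes
        active = any(ACTIVE_RE.search(b) for _, b in versions)
        findings.append({
            "obj": key,
            "offsets": [off for off, _ in versions],
            "active_content": active,
            "severity": "critical" if active else "info",
            "first_wins": versions[0][1],
            "last_wins": versions[-1][1],
        })
    return findings


def extract_link_uris(pdf):
    """URIs from the /URI action of every /Link annotation definition."""
    uris = []
    for _, _, body, _ in enumerate_objects(pdf):
        if re.search(rb"/Subtype\s*/Link\b", body):
            uris.extend(m.group(1).decode("latin-1") for m in URI_RE.finditer(body))
    return uris


def link_farm_score(pdf, max_size=200_000, min_links=3, min_share=0.6):
    """PDF_SEO_LINK_FARM: small file, several clickable external links, mostly one host.
    The three thresholds are assumptions for this demo, not the report's tuning."""
    uris = extract_link_uris(pdf)
    if not uris:
        return {"hit": False, "links": 0, "top_host": None, "share": 0.0}
    hosts = Counter(urlsplit(u).hostname or "" for u in uris)
    top_host, top_count = hosts.most_common(1)[0]
    share = top_count / len(uris)
    hit = len(pdf) <= max_size and len(uris) >= min_links and share >= min_share
    return {"hit": hit, "links": len(uris), "top_host": top_host, "share": round(share, 2)}


if __name__ == "__main__":
    for f in find_duplicate_bodies(SAMPLE_PDF):
        print(f"[{f['severity']}] object {f['obj'][0]} {f['obj'][1]} defined at offsets {f['offsets']}")
        print("  first-wins:", f["first_wins"].decode("latin-1"))
        print("  last-wins: ", f["last_wins"].decode("latin-1"))
    print(link_farm_score(SAMPLE_PDF))
```

On the constructed sample the duplicate of object 5 0 is rated critical because its second body carries a JavaScript action; on a file like the one in this report, where the duplicate bodies differ without active content, the same routine returns info, matching the rating above. Counting links over every definition rather than only the one the xref resolves is deliberate: a scanner wants to see what any reader might render, not just what the trailer points to.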

Extracted artifacts (2)

Files carved from inside the sample during analysis. Both are ordinary sfnt (TrueType/OpenType) font programs of the kind an HTML-to-PDF converter embeds; no heuristic above flags them, but their hashes are recorded so they can be checked independently.

Filename                      Kind             Source                                     Size
font_00_sfnt_off0000e0ec.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xE0EC   5384 bytes
  SHA-256: 8856cb7b888e4152a5c138895ca16b5eb593309a9b7e3b2eee773cf704c8f355
font_01_sfnt_off0000f335.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xF335  10584 bytes
  SHA-256: 4774a0f1693f1e254d31ab37cc9fccfc4165f4c31496f5e502cd18d01958b440
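The offset, size and SHA-256 columns in the table above are what a stream carver produces. The following is an added example, not the analysis platform's carver and not code from this report: it walks every `stream ... endstream` in a PDF, slices by the literal `/Length`, inflates `/FlateDecode` data, and reports the data offset, decoded size, whether the bytes begin with an sfnt magic, and the SHA-256 of the decoded bytes. The sample PDF and the fake font header inside it are constructed for the demo; chained filters, indirect `/Length` references and object streams are out of scope and left to a real parser.

```python
"""Added example: carve embedded streams from raw PDF bytes and report the values an
artifact table lists (offset, decoded size, sfnt magic, SHA-256). Illustrative code,
not the analysis platform's carver; handles /FlateDecode and literal /Length only."""
import hashlib
import re
import zlib

# TrueType 1.0, Apple 'true', CFF-flavoured OpenType, and TrueType collection
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"true", b"OTTO", b"ttcf")

# Constructed sample (not the report's file): a FlateDecode stream holding a fake
# sfnt header (version 1.0, numTables=5, zero filler), then a plain content stream.
FAKE_SFNT = b"\x00\x01\x00\x00\x00\x05" + b"\x00" * 58
COMPRESSED = zlib.compress(FAKE_SFNT)
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"8 0 obj\n<< /Length " + str(len(COMPRESSED)).encode() + b" /Filter /FlateDecode /Length1 64 >>\n"
    b"stream\n" + COMPRESSED + b"\nendstream\nendobj\n"
    b"9 0 obj\n<< /Length 9 >>\nstream\nBT ET q Q\nendstream\nendobj\n"
    b"%%EOF\n"
)

STREAM_RE = re.compile(rb"(?<!end)stream\r?\n")            # skip the tail of 'endstream'
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?!\s+\d+\s+R)")   # literal length, not an 'N G R' reference


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def carve_streams(pdf):
    """One record per stream: file offset of the raw data, decoded size, whether the
    decoded bytes start with an sfnt magic, and SHA-256 of the decoded bytes."""
    records = []
    for m in STREAM_RE.finditer(pdf):
        start = m.end()
        obj_pos = pdf.rfind(b" obj", 0, m.start())           # the stream's own dictionary
        header = pdf[max(obj_pos, 0):m.start()]
        length = LENGTH_RE.search(header)
        if length:
            raw = pdf[start:start + int(length.group(1))]
        else:  # no literal /Length: fall back to the endstream keyword
            end = pdf.find(b"endstream", start)
            if end < 0:
                break
            raw = pdf[start:end].rstrip(b"\r\n")
        data = raw
        if b"/FlateDecode" in header:
            try:
                data = zlib.decompress(raw)
            except zlib.error:
                continue  # corrupt or additionally filtered: leave for a real parser
        records.append({"offset": start, "size": len(data),
                        "sfnt": data[:4] in SFNT_MAGICS, "sha256": sha256_hex(data)})
    return records


if __name__ == "__main__":
    for i, r in enumerate(carve_streams(SAMPLE_PDF)):
        kind = "sfnt font" if r["sfnt"] else "other"
        print(f"stream_{i:02d} at offset 0x{r['offset']:X}: {r['size']} bytes, {kind}, sha256 {r['sha256']}")
```

Hashing the decoded bytes rather than the compressed stream is what makes the artifact hashes comparable across documents: the same font compressed by two different generators yields different stream bytes but the same SHA-256 once inflated.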