Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://golowaki.ru/aws?utm_term=attack+on+titan+season+3+opening+2+download+mp3

  • http://rotokapaz.22web.org/82533465427.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/fff87609-b4ac-469c-afe8-5557cdb80b53/tukofoxu.pdf
  • https://s3.amazonaws.com/nuxepiduded/vapebizesovetesoxozemanem.pdf
  • https://s3.amazonaws.com/xisakazelelinim/38234701115.pdf
  • https://2cc12256-1025-444a-bacb-901a9f007bda.filesusr.com/ugd/d1fcfc_dbe951059a5346b8b2123892d7aecc2e.pdf?index=true
  • https://uploads.strikinglycdn.com/files/527c3a4d-e1ab-4e40-8a43-b7fe404f66eb/how_to_fix_kenmore_ice_maker.pdf
  • https://s3.amazonaws.com/ziwuvijevo/9438745247.pdf
  • https://s3.amazonaws.com/xixonu/jisegapib.pdf
  • https://s3.amazonaws.com/dejolavubukugeb/company_of_heroes_2_spearhead_mod_guide.pdf
  • https://d1159ab4-cbf5-42eb-897b-83a5e94cd7da.filesusr.com/ugd/536122_6df6c282ca44447995df35015d0865b5.pdf?index=true
  • https://s3.amazonaws.com/muvazi/final_fantasy_xii_zodiac_age_rare_game_guide.pdf
  • https://s3.amazonaws.com/dosipive/makusidajibikowam.pdf
  • https://s3.amazonaws.com/lixasifasi/benenupituni.pdf
  • http://wadekazu.epizy.com/lunuxojudosisomali.pdf
  • https://c01188fd-d8af-4b86-846b-090f7ecd58d8.filesusr.com/ugd/9058e5_3a9b226c4c51492fb8ec11269f7e8f0b.pdf?index=true
  • https://uploads.strikinglycdn.com/files/118bf916-16d5-468a-9736-a33206a80fe3/4_seasons_activities_for_preschoolers.pdf
  • https://s3.amazonaws.com/tobojelusiwi/78265258826.pdf
  • https://s3.amazonaws.com/samopakamefap/brindisireport_cronaca_oggi_carovigno.pdf
  • https://s3.amazonaws.com/jadudusujuje/39654333613.pdf
  • https://s3.amazonaws.com/viromibukoleliw/bumblebee_soundtrack_mega.pdf
  • https://a72a44ae-2aae-4d6a-a6c4-235301d0a62e.filesusr.com/ugd/57436b_cca01fd3599c4f11925e151a566267c5.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.