Malicious PDF — malware analysis report

Static analysis result for SHA-256 87b44e2ea619bf1f…

Verdict: MALICIOUS
File type: PDF
Size: 76.0 KB
Created: 2021-03-15 15:06:36 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0d8e3904a320f6b83a4a58e117cff957
SHA-1: 84b877db84b35baae11ab99f6654722610f712fd
SHA-256: 87b44e2ea619bf1f9cd5f71bdb54a60648fe2205b8cb8debd706a3bfb791bd07
Risk score: 98

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9991

Heuristics (5)

  • [critical] PDF_SEO_LINK_FARM: Small PDF contains a mass external PDF link farm
    A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than the citation pattern of a normal document.
  • [info] PDF_URI: External URI
    The PDF contains an external URL action.
  • [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: Object number defined twice with different bodies
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • [info] CLAMAV_SCAN_INCOMPLETE: ClamAV scan did not complete
    The ClamAV scan of this file did not complete (ClamAV error, exit 2); the verdict reflects only the static heuristics. The result is not cached, so a later submission will retry the scan.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. A URL by itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://midufefew.ru/wix?keyword=mock+trial+worksheets
    • https://juzowesefuzifi.weebly.com/uploads/1/3/0/7/130775985/fefemaj.pdf
    • https://sonujeti.weebly.com/uploads/1/3/0/9/130969686/felonigoxidogejed.pdf
    • https://pozimifekof.weebly.com/uploads/1/3/4/6/134674510/wetimarugitute-narepitemufixo.pdf
    • https://fajesafopumusid.weebly.com/uploads/1/3/1/8/131871419/8727811.pdf
    • https://kedaweva.weebly.com/uploads/1/3/4/8/134895813/zovuvo_fulawuw_tufefenu.pdf
    • https://uploads.strikinglycdn.com/files/f2c71ec2-4768-44e0-9dc9-b425418c5c61/binomial_probability_calculation_examples.pdf
    • https://uploads.strikinglycdn.com/files/d05a45ce-cd61-42a1-8f45-5bd30e0f8dd2/relative_pronoun_quiz_with_answers.pdf
    • https://7be8961d-effb-4c78-a255-78c3c9f0be09.filesusr.com/ugd/3dd68e_070210b9a5af460690b63f193f1e181d.pdf?index=true
    • https://0f0532cb-4478-41f9-91a1-cf277c4732ec.filesusr.com/ugd/8acad3_8a94d5d5d3ff47ab80ce8427c29ab2bd.pdf?index=true
    • https://s3.amazonaws.com/vosimalume/60543799172.pdf
    • https://1a6defe7-92a0-4357-8a70-d3bce85d30c9.filesusr.com/ugd/385065_3f75f0117d64414490b7fe1095f45b86.pdf?index=true
    • https://uploads.strikinglycdn.com/files/75ebf501-b4e5-4335-912b-a2a4be61b54d/fekoliju.pdf
    • https://b7c6a474-53ed-4139-af63-4b2f501ae0e7.filesusr.com/ugd/e87294_ddffa408433745d795d829901b18ec95.pdf?index=true
    • https://uploads.strikinglycdn.com/files/4ecf07a7-aca9-4e9b-9ce4-2a91d273d14a/whirlpool_ultimate_care_ii_dimensions.pdf
    • https://uploads.strikinglycdn.com/files/fe4551ad-6dc3-4360-bfed-e1044b85b578/pulurodekax.pdf
    • https://uploads.strikinglycdn.com/files/0b0ddfc8-ea39-43f6-884b-f1dd51567ff7/44143714229.pdf
    • https://s3.amazonaws.com/tiluwisulepam/85863340714.pdf
    • https://s3.amazonaws.com/dorobukasawituw/wusojal.pdf
    • https://s3.amazonaws.com/nuxomigo/why_my_2004_ford_explorer_wont_start.pdf
    • https://3175e58c-9db9-4d87-bcb9-15e03531d93d.filesusr.com/ugd/c93210_6db3db3838ce42f4985fae9f4f945da0.pdf?index=true
    • https://6acf0ca1-aa41-4771-8b91-54baff69ee7f.filesusr.com/ugd/7d1dc9_be02860387454ec2b7b20d80936d9ad3.pdf?index=true
    • https://uploads.strikinglycdn.com/files/000d8d47-c7fe-4ed1-a2c1-5160da94f718/laziraperos.pdf
    • https://dc6b22d1-fd3c-476a-b8f1-b0505981f591.filesusr.com/ugd/ab5adf_c243308ad55a4077a3ac588bc34c203e.pdf?index=true
    • https://s3.amazonaws.com/gulapore/30776241224.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    (The last six are RDF/XMP namespace identifiers from the document's metadata packet, not clickable link targets.)
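To make the two structural heuristics above concrete (PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL), here is an added Python example; it is not the scanner's own code and not taken from the analysed file. It runs a minimal indirect-object and /URI-action scanner over a constructed sample PDF, then (a) counts external link targets and the share held by the dominant host, and (b) reports objects defined twice with different bodies, showing what a first-wins and a last-wins reader would each resolve and whether the redefinition carries active content. The size/link/share thresholds, the ACTIVE_KEYS list and the hosts example-a.invalid / example-b.invalid are assumptions made for this example.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Indirect object "N G obj ... endobj" in file order. No xref or object-stream
# handling: objects inside a compressed /ObjStm must be inflated first.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
# /URI value as a literal string "(...)" or a hex string "<...>". The literal
# branch does not unescape "\)" sequences; enough for an illustration.
URI_RE = re.compile(rb"/URI\s*(?:\(([^)]*)\)|<([0-9A-Fa-f\s]*)>)")
# Assumed set of keys that make a redefined object "active content".
ACTIVE_KEYS = (b"/URI", b"/JS", b"/JavaScript", b"/Launch", b"/OpenAction",
               b"/AA", b"/SubmitForm", b"/GoToR", b"/EmbeddedFile")


def _link_obj(num, url, hex_string=False):
    """Build a /Link annotation carrying a /URI action (constructed sample data)."""
    uri = b"<" + url.hex().encode("ascii") + b">" if hex_string else b"(" + url + b")"
    return b"%d 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI %s >> >> endobj\n" % (num, uri)


_LINKS = [  # constructed targets; five on one host, one elsewhere
    (5, b"https://example-a.invalid/uploads/1/aaa.pdf", False),
    (6, b"https://example-a.invalid/uploads/2/bbb.pdf", False),
    (7, b"https://example-a.invalid/uploads/3/ccc.pdf", False),
    (8, b"https://example-a.invalid/uploads/4/ddd.pdf", True),  # hex-encoded /URI
    (9, b"https://example-a.invalid/uploads/5/eee.pdf", False),
    (10, b"https://example-b.invalid/files/fff.pdf", False),
]
_ANNOTS = b" ".join(b"%d 0 R" % n for n in [4] + [n for n, _, _ in _LINKS])

# Constructed sample PDF (not the analysed file). Object 4 0 is first an inert
# link annotation; the incremental update after the first %%EOF redefines it
# with a /URI action, the shape PDF_DUPLICATE_OBJ_BODY_INCREMENTAL describes.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    + b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    + b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    + b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [" + _ANNOTS + b"] >> endobj\n"
    + b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] >> endobj\n"
    + b"".join(_link_obj(*link) for link in _LINKS)
    + b"trailer << /Root 1 0 R >>\n%%EOF\n"
    + b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
    + b"/A << /S /URI /URI (https://example-a.invalid/uploads/6/ggg.pdf) >> >> endobj\n"
    + b"trailer << /Root 1 0 R /Prev 0 >>\n%%EOF\n"
)


def iter_objects(pdf):
    """Yield (num, gen, body) for every 'N G obj ... endobj' in file order."""
    for m in OBJ_RE.finditer(pdf):
        yield int(m.group(1)), int(m.group(2)), m.group(3).strip()


def extract_uris(pdf):
    """Return every http(s) target of a /URI action, decoding hex strings."""
    urls = []
    for m in URI_RE.finditer(pdf):
        lit, hexs = m.group(1), m.group(2)
        raw = lit if lit is not None else bytes.fromhex(re.sub(rb"\s", b"", hexs).decode("ascii"))
        url = raw.decode("latin-1")
        if urlparse(url).scheme in ("http", "https"):
            urls.append(url)
    return urls


def link_farm_check(pdf, max_size=200 * 1024, min_links=5, min_share=0.6):
    """PDF_SEO_LINK_FARM-style check: small file, many external links, one dominant
    host. The thresholds are assumptions for this example, not the report's own."""
    urls = extract_uris(pdf)
    hosts = Counter(urlparse(u).hostname or "" for u in urls)
    top_host, top_n = hosts.most_common(1)[0] if hosts else ("", 0)
    share = top_n / len(urls) if urls else 0.0
    return {
        "size": len(pdf),
        "external_links": len(urls),
        "top_host": top_host,
        "top_host_share": round(share, 3),
        "flagged": len(pdf) <= max_size and len(urls) >= min_links and share >= min_share,
    }


def find_duplicate_objects(pdf):
    """Report objects defined more than once with differing bodies, with what a
    first-wins reader and a last-wins reader would each resolve."""
    seen = {}
    for num, gen, body in iter_objects(pdf):
        seen.setdefault((num, gen), []).append(body)
    findings = []
    for key, bodies in seen.items():
        if len(set(bodies)) < 2:
            continue
        active = any(k in b for b in bodies for k in ACTIVE_KEYS)
        findings.append({
            "object": key,
            "definitions": len(bodies),
            "first_wins": bodies[0],
            "last_wins": bodies[-1],
            "active_content": active,
            # Mirrors the report's rule: body-only differences stay informational.
            "severity": "high" if active else "info",
        })
    return findings


if __name__ == "__main__":
    print(link_farm_check(SAMPLE_PDF))
    for f in find_duplicate_objects(SAMPLE_PDF):
        print(f["object"], f["definitions"], f["severity"])
        print("  first-wins:", f["first_wins"])
        print("  last-wins: ", f["last_wins"])
```

On a real sample the same scan should be run after decompressing object streams (for example with qpdf's --qdf mode or pdf-parser), since link annotations in an /ObjStm are invisible to a raw byte scan; and note that a conformant reader resolves objects through the xref chain rather than by file order, so which definition a given reader "wins" with is what the heuristic is flagging, not a fixed first-or-last rule.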