Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://vilenefex.ru/award?keyword=higher+engineering+mathematics+by+bv+ramana+pdf+download

  • http://towonededuv.medianewsonline.com/bulova_marine_star_98b301_review.pdf
  • http://boevoenlp.com/funny_gif_and_memesfr6zl.pdf
  • http://gatorama.site/google_slides_templates_gratisbsf1c.pdf
  • http://proita.fun/does_double_strike_include_first_strikesa7ee.pdf
  • http://gimemuwet.mypressonline.com/death_in_family_out_of_office_message.pdf
  • http://levantemosaic.com/munchkin_weighted_strawsb4kl8.pdf
  • http://astrology-personal.online/incarceration_nations_baz_dreisingeryf4jv.pdf
  • http://hot-money.fun/slingshock_rail_rush_stadium_new_hasbro_burst_turboz0xaj.pdf
  • http://digosige.mywebcommunity.org/important_characteristics_of_report_writing.pdf
  • http://bestcreditcheck.info/webekadukabowazevak3tpeb.pdf
  • http://idealsit.space/titration_of_aspirin_lab_report_conclusionahtdo.pdf
  • http://indital.space/memimiplxrma.pdf
  • http://haifaiv.ru/the_mystery_of_the_shemitah_free_download7cma0.pdf
  • http://netewe9.xyz/allegiant_free_stream_online0tqwb.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/1dbc0cb9-ed66-4d69-a25d-69b0a082e551/baxuwilugo.pdf
  • http://zutaturusix.myartsonline.com/standard_enthalpy_change_of_reaction_a_level.pdf
  • https://uploads.strikinglycdn.com/files/1d775fe0-c441-4910-8d86-4aba0206d8f0/50138086171.pdf
  • https://uploads.strikinglycdn.com/files/a42a353d-3f4f-4484-829e-abace6e81876/36328177595.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.