Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://crewmak.ru/pbw?utm_term=how+to+turn+off+standby+mode+on+philips+tv

  • https://mopobaseburole.weebly.com/uploads/1/3/4/8/134859053/jujodepesuma_wefefaja_xepamubi_divejefo.pdf
  • https://cdn-cms.f-static.net/uploads/4405945/normal_606d17cab1f9d.pdf
  • https://xagiwejobumumok.weebly.com/uploads/1/3/6/0/136051235/7948d470b5.pdf
  • https://pamibatofenowa.weebly.com/uploads/1/3/4/5/134525539/vezunatomeropezuwula.pdf
  • https://static.s123-cdn-static.com/uploads/4424349/normal_5fc8d96c22698.pdf
  • https://paxuxavige.weebly.com/uploads/1/3/4/3/134373921/b667e9.pdf
  • https://ruvutitijo.weebly.com/uploads/1/3/4/8/134883381/sedurevi.pdf
  • https://cdn-cms.f-static.net/uploads/4421352/normal_6056a8d709e1f.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/4ff99d6c-9926-47a2-ad5a-2480f64b18a1/fewegovinotilaxib.pdf
  • http://bemulopawed.pbworks.com/w/file/fetch/144566631/fahrenheit_911_director.pdf
  • https://uploads.strikinglycdn.com/files/2db3864d-d50b-4e40-b0be-020be5e121c0/1016584339.pdf
  • https://uploads.strikinglycdn.com/files/328c6254-1657-4211-ba0a-1fe45a11ad0a/90355791559.pdf
  • http://wuwazilizos.pbworks.com/w/file/fetch/144424332/3d_map_generator_-_terrain_from_heightmap_free.pdf
  • https://uploads.strikinglycdn.com/files/f6b9a67f-0be1-4241-8597-6991ff8c945c/90974045234.pdf
  • https://uploads.strikinglycdn.com/files/c071bcd6-3e2e-413c-a0ab-103995382e4a/94844001440.pdf
  • http://nilanom.pbworks.com/f/how_to_make_a_dog_house_out_of_pallets.pdf
  • http://fixulirulafa.pbworks.com/w/file/fetch/144656070/51776541207.pdf
  • http://sodopateduke.pbworks.com/w/file/fetch/144424710/75349260745.pdf
  • https://uploads.strikinglycdn.com/files/8f7d6c48-b634-4f24-a2b0-ba0aa076e64e/kitchenaid_stove_top_customer_service.pdf
  • https://uploads.strikinglycdn.com/files/252bc39d-5c19-447c-a8ab-381e30c28ced/59274030571.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.