Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jottigo.ru/award?keyword=bitter+melon+diabetes+pdf

  • https://jisofuzevilane.weebly.com/uploads/1/3/0/9/130969501/pifukugo_pelukuxigifa.pdf
  • http://reduslim-europa.site/21897028024vwloe.pdf
  • http://seplafond.xyz/wordpress_theme_development_tutorial_2020tnea1.pdf
  • https://fagesuxolibedif.weebly.com/uploads/1/3/0/9/130969327/gajefukabeda-xotamezikizil-wokorokolul.pdf
  • http://webdefilmizle.com/144hz_vs_60hz_testxpxib.pdf
  • https://jepemanek.weebly.com/uploads/1/3/4/5/134589705/1ea8d.pdf
  • https://berijuwijupev.weebly.com/uploads/1/3/1/6/131637896/1827087.pdf
  • http://mexicotop3.xyz/vemodaligesubufli13l.pdf
  • http://opencabinets.xyz/juegos_del_hombre_araa_lego_gratisjf44o.pdf
  • http://lastmarkt.ru/recep_tayyip_erdogan_song_mp3_free_download9idhc.pdf
  • https://binazinir.weebly.com/uploads/1/3/4/1/134108718/2faa4b84ba92ef.pdf
  • https://rigawegafo.weebly.com/uploads/1/3/4/5/134587157/kedavi.pdf
  • http://top-salez.site/econometrics_final_exam_questions_and_answersuoce6.pdf
  • http://goossyy.online/commando_2013_full_movie_1080podmmc.pdf
  • https://boxavukexuzar.weebly.com/uploads/1/3/0/7/130775797/8440224.pdf
  • https://fenotitejov.weebly.com/uploads/1/3/5/3/135316040/vitusogevakozo.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://15319a82-8c66-4906-b3c2-464277991f2b.filesusr.com/ugd/070acf_df805a24cba44c0799d87cede6f4cf33.pdf?index=true
  • https://849bdae7-2456-4570-9e2a-fc769e7e49ad.filesusr.com/ugd/2074c9_f15ce672b664431ebd02e1e594114a12.pdf?index=true
  • https://ce5d016b-e5fb-4004-af8f-35f61b829e22.filesusr.com/ugd/d7d7f8_5cc1d7b6699d44aeb62983b24b8f627d.pdf?index=true
  • https://8ed7ad90-0d0e-491f-9c15-1f6cd5a61d18.filesusr.com/ugd/f1a804_fb122b53712140958908cf71d6d145cb.pdf?index=true
  • https://000bb656-a8cb-4e8b-9327-0b0ec99f56fe.filesusr.com/ugd/3f812e_bba816c399714e9a8ebb42f70844bac3.pdf?index=true
  • https://ebc1add8-0b9d-418e-9e4a-1e287827e933.filesusr.com/ugd/ab63e3_93d0b7b8df3a416b8ebe120b16f56584.pdf?index=true
  • https://973697ad-ffa4-4f9d-85cd-0c9d1ea039ee.filesusr.com/ugd/5f5755_ebc7f202617140789b5075904a7b5b08.pdf?index=true
  • https://8316a071-1c81-4729-bbc9-bb84f51c1359.filesusr.com/ugd/b2ba6b_f038c5b34d5c4e1e89f930575d779e0d.pdf?index=true
  • https://af18ad75-7652-4b25-b9e0-8da5fded0af1.filesusr.com/ugd/529385_950207987720465fa1f46fff48d46753.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.