Malicious PDF — malware analysis report

Static analysis result for SHA-256 8e8cbb7353caef1a…

Verdict: MALICIOUS
File type: PDF
Size: 81.0 KB
Created: 2021-03-14 14:26:10 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 511429495f06ecab5fc4bc8027873d1c
SHA-1: 47513eb68e6da6af0cf0b8bd46c29f46067c9cd2
SHA-256: 8e8cbb7353caef1a95360822ee65f739b858a01a188ccc5940068f570f3201ac
Risk score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains numerous external links, many of which are part of a link farm, suggesting a malicious intent to manipulate search engine results or redirect users to phishing sites. ClamAV and ML classifiers strongly indicate this PDF is a phishing or malicious document. The presence of embedded URLs and the PDF_SEO_LINK_FARM heuristic confirm the attack pattern.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (5)

  • Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI [info, PDF_URI]
    PDF contains an external URL action.
  • Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://leonvi.ru/award?keyword=how+to+be+a+great+speaker+pdf
    • http://storeeu.info/bizivekudiwadaviroforilouvl9.pdf
    • https://cdn.sqhk.co/joxonorapa/gjihGvl/voziduxelabixuxumixitudu.pdf
    • http://soldonlakewood.com/download_garfield_rush_mod_apkyanvg.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/bfbaea48-2e3a-4028-87eb-9bac0548b8bf/37976948841.pdf
    • https://a82c121c-2200-4cd7-aff6-47cf910fdadb.filesusr.com/ugd/117c17_79fcc05f4711405592ca26dfe6922b14.pdf?index=true
    • http://begosene.epizy.com/linominanixalewaf.pdf
    • https://bf68d742-fb98-404a-ab47-1dcf24f7df52.filesusr.com/ugd/83e7fd_3e02134c7d9a4e02bef936e51017c35f.pdf?index=true
    • https://uploads.strikinglycdn.com/files/85651fba-a20d-477b-b484-fe4fdf4d6064/clark_c500_forklift_service_manual.pdf
    • https://uploads.strikinglycdn.com/files/7433ae43-2110-4802-af64-65fe5e030e33/5432423673.pdf
    • https://050a9d39-d8a1-4107-8be8-b2b70b72e454.filesusr.com/ugd/5262df_1a96213f645d42a6906294faf25dd11b.pdf?index=true
    • https://61069a5e-3c5f-4884-a3c7-8c7552058b74.filesusr.com/ugd/0789d5_2ab1c77f00a74f2883689b5ee389fe85.pdf?index=true
    • http://fububosuvakosal.epizy.com/madenekufiraporizil.pdf
    • http://lofowopajuror.rf.gd/37538863736.pdf
    • https://e114ad41-1367-46fe-a5fd-427bf640f69d.filesusr.com/ugd/a63c55_585135a5ed314640b4eb3aff3909f9f9.pdf?index=true
    • https://add83a7c-0e31-48b3-928b-061d82ba9144.filesusr.com/ugd/205ae4_da68ea4015054f94b94473e4588cbb25.pdf?index=true
    • https://uploads.strikinglycdn.com/files/985f210a-b9eb-413e-8bf8-60628b6f2619/exercise_5-3_periodic_inventory_costing_methods_lo_p1.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off0000fd0b.bin
    SHA-256: 860f815551c3095f1f2f2ef3356ff68ff13141030ad7e09eee747fda0401fec9
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xFD0B
    Size: 5436 bytes
  • font_01_sfnt_off00010fa5.bin
    SHA-256: aa25dd2b1e0eb4e93caee8993efccc6ded642925cb06dc8c33d0fdf5f295128e
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x10FA5
    Size: 11636 bytes