Malicious PDF — malware analysis report

Static analysis result for SHA-256 93480f72a12209e9…

Verdict: MALICIOUS
File type: PDF
Size: 74.8 KB
Created: 2021-03-30 22:52:09 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: e7824e41dc5e25886bb58fe9e61c6c47
SHA-1: 2e9a5fdbbe43d49d14dc48cde97aed6f1652d5ed
SHA-256: 93480f72a12209e9b9b396836e267cf244209115ca238cb94062e1efee3d4795
Risk score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains a large number of external links, many of which are SEO-themed, suggesting a link farm or phishing attempt. One prominent link, disguised as a search result for 'Bejeweled free for pc', leads to a suspicious URL. The ClamAV detection and the ML classifier score both strongly indicate malicious intent, most likely phishing or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (5)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV signature match
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • PDF_URI (info): External URI
    PDF contains an external URL action.
  • PDF_DUPLICATE_OBJ_BODY_INCREMENTAL (info): Object number defined twice with different bodies
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Prominent URL: https://nipisod.ru/123?utm_term=bejeweled+free+for+pc

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000e7f4.bin
    SHA-256: bd919087c9012e85bf1bca796240ff165f725a180171731e7223359ea3f5efdb
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xE7F4
    Size: 4980 bytes
  • Filename: font_01_sfnt_off0000f910.bin
    SHA-256: 25e6d6274685699bc2c9b0a8fcc59f0441f3c6a77dd8f2d8574b3983a91b4625
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xF910
    Size: 10920 bytes