Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jumiwimov.ru/strik?utm_term=how+to+change+lg+tv+screen+size

  • https://cdn-cms.f-static.net/uploads/4491936/normal_603946b07cb22.pdf
  • https://cdn-cms.f-static.net/uploads/4379241/normal_605badcce0abc.pdf
  • http://znasila.ru/fake_gps_app_androidge3tv.pdf
  • https://cdn-cms.f-static.net/uploads/4410004/normal_600a428700302.pdf
  • http://vezerfa.xyz/krystopia_a_puzzle_journey_mod_apki9yv2.pdf
  • http://tomogorman.com/ocean_personality_test_truityc165f.pdf
  • https://cdn-cms.f-static.net/uploads/4414849/normal_5fdc05c7144b5.pdf
  • http://gbo.guru/online_form_for_uk_visa_from_omaniducv.pdf
  • https://cdn-cms.f-static.net/uploads/4444370/normal_602f9ab0b06ec.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://2703069b-a6ff-4ff9-983c-db139a8d76ba.filesusr.com/ugd/8b61cf_e0d20ace3a164065b5a9e5b543d94529.pdf?index=true
  • https://s3.amazonaws.com/xulepiwa/womazowudotabakuw.pdf
  • http://dulubuli.rf.gd/how_to_know_who_has_shared_my_picture_on_facebook.pdf
  • https://ef4b221f-cfb4-47e8-bf1d-3b5092770df7.filesusr.com/ugd/4948da_c9910d422625491f939f673718bbb7a4.pdf?index=true
  • https://uploads.strikinglycdn.com/files/9a1da9f4-dd41-4f25-9cc7-66937a7db573/sisewad.pdf
  • https://a2214900-82f6-4ed5-a432-d5ffd14110fa.filesusr.com/ugd/306b6b_f716de7d309843d3a9ce20c56e9db2a6.pdf?index=true
  • http://dovitunazimaze.epizy.com/ibm_technical_support_interview_questions_and_answers_for_freshers.pdf
  • https://s3.amazonaws.com/nezanurugega/animated_text_after_effects_template_free.pdf
  • https://044ec7df-721b-4788-b209-87474a3fcb06.filesusr.com/ugd/60ffa2_c7e909851b724a6e8c869906303fa84d.pdf?index=true
  • https://uploads.strikinglycdn.com/files/317f791b-1a38-468b-9545-d3a66e34d8cb/77981907721.pdf
  • https://5d3a357a-25b2-4459-9cd8-210b235f7b36.filesusr.com/ugd/45e30f_dc2041c2e7354760a5b20b7705ee33a3.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.