Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED
  The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://bologen.ru/award?keyword=punctuation+worksheets+grade+4+pdf+with+answers

  • https://cdn-cms.f-static.net/uploads/4476133/normal_6060a326db25a.pdf
  • http://hookup154.online/gi_joe_the_rise_of_cobra_full_movie003c6.pdf
  • http://b4shop.icu/refuxazovoxaguvizixepa.pdf
  • http://stebsmeh.space/ruger_p95_complete_disassemblyoh2x1.pdf
  • https://static.s123-cdn-static.com/uploads/4403140/normal_5fc9d279b5032.pdf
  • http://tomogorman.com/773170288303yq0o.pdf
  • http://waxokuvinati.iblogger.org/simile_metaphor_personification_hyperbole.pdf
  • http://topstop.site/90447751263smmek.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/c318e61c-44c2-43ea-89b3-64acaa3a5f16/fekupozelosopi.pdf
  • https://7f1158f2-e44e-4cac-991a-806210d1dc3e.filesusr.com/ugd/e4a8e1_a90793a998ae40cbbf94e22df338c660.pdf?index=true
  • https://uploads.strikinglycdn.com/files/63a644c7-17b1-474b-80e5-9656b915b1c9/95527383114.pdf
  • http://xepalufozakot.epizy.com/99861172145.pdf
  • https://uploads.strikinglycdn.com/files/77971817-eac4-4f2d-beb9-ddf378608eb7/dawilibefasowokosipowiv.pdf
  • https://s3.amazonaws.com/regovadeje/javascript_tutorial_2019.pdf
  • https://uploads.strikinglycdn.com/files/dfb67fca-0ad8-4d93-b5cc-e077d9918c36/77250343930.pdf
  • https://b32521b7-32ca-447e-9967-d27d0dce683d.filesusr.com/ugd/800b88_95e69883cc844c498d214fa61f119a93.pdf?index=true
  • http://xafasefulunasa.epizy.com/nexisujo.pdf
  • http://susesibukof.epizy.com/calculations_using_significant_figures_answers.pdf
  • http://xidaxol.epizy.com/hematology_drive.pdf
  • https://uploads.strikinglycdn.com/files/3538b16d-6539-4a8d-87a3-4918004296bf/agile_estimating_and_planning.pdf
  • https://f9c81679-ddb1-4746-ab40-32673edc426c.filesusr.com/ugd/2eff39_2c80e2ac902745d998a794da0868808a.pdf?index=true
  • https://s3.amazonaws.com/sojuravewi/meme_generator_apk_for_pc.pdf
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.