Malicious PDF — malware analysis report

Heuristics 6

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Fake invoice / payment lure low SE_INVOICE_LURE
  Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://golowaki.ru/award?keyword=gst+annual+return+form+9c+pdf

  • https://fejevudud.weebly.com/uploads/1/3/2/6/132695511/rugizuxinisuzix_doxazakoma_vejobisuk_saluxofevidubo.pdf
  • https://firulozide.weebly.com/uploads/1/3/0/7/130775295/vamezukezoga.pdf
  • http://pumorux.medianewsonline.com/dragon_age_asunder_free_download.pdf
  • https://numibogag.weebly.com/uploads/1/3/4/3/134323011/1468487.pdf
  • http://fasekafalig.scienceontheweb.net/14112343364.pdf
  • http://gamukanemafutu.mywebcommunity.org/tomewebu.pdf
  • https://wafilanukeg.weebly.com/uploads/1/3/5/3/135309269/wujixizub.pdf
  • https://nufulukoveta.weebly.com/uploads/1/3/4/7/134700555/7473305.pdf
  • http://fezatubiwe.getenjoyment.net/numbers_meaning_in_the_bible.pdf
  • https://sunakolezapomuj.weebly.com/uploads/1/3/4/6/134698053/lokamego.pdf
  • https://ximavubakalik.weebly.com/uploads/1/3/0/7/130776508/62744.pdf
  • https://vixevugipun.weebly.com/uploads/1/3/5/3/135327752/jujuxodoron.pdf
  • https://nixujukasal.weebly.com/uploads/1/3/1/6/131636737/pidituwawezuv.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • https://3f735f5a-cd1c-4288-bd93-adeff6e084d9.filesusr.com/ugd/bcc0e4_5bae474f254246dea2d1e4d8c6a95fc9.pdf?index=true
  • https://s3.amazonaws.com/fizufapu/checksum_transformation_in_ssis_2016.pdf
  • https://ed59cdd8-0d75-4634-8bb2-7afdb9da103e.filesusr.com/ugd/9cb112_79061e9a481541b09e7abdb4626deaf1.pdf?index=true
  • https://s3.amazonaws.com/pegozegi/hyderabad_chatal_band_naa.pdf
  • http://lukafimagog.atwebpages.com/49874020503.pdf
  • https://s3.amazonaws.com/legipalofi/amazon_audible_books.pdf
  • https://28481333-1ef2-46fb-8ebf-d56c3f24acbc.filesusr.com/ugd/314c35_c39d3b5d23844812a562f97c312969b2.pdf?index=true
  • https://e209d09f-5af8-48a0-acfc-72d03e9bea0d.filesusr.com/ugd/946fcc_966f6272098d4957b6c84b163b179d23.pdf?index=true
  • https://3e021c9a-284a-4c54-9ba1-f6d43d4d2ba5.filesusr.com/ugd/a619af_b92ee597c620421a85cfafaf1ada5e93.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.