Malicious PDF — malware analysis report

Static analysis result for SHA-256 9f874d3406735bfe…

Verdict: MALICIOUS
File type: PDF
Size: 75.8 KB
Created: 2021-03-22 18:49:17 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c433bba47866375c393b607715e6da9a
SHA-1: b2bc3511dc76c8c5c92b86d39a02e081a57479ff
SHA-256: 9f874d3406735bfee73c068bf1d68a26fcefc989f056f31252647157beec4138
Risk score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

This PDF is flagged by two independent engines: ClamAV matches it against a Pdf.Phishing.Trojan signature and the Nyx PDF classifier scores it 0.9998. The heuristics describe a small, wkhtmltopdf-generated document that carries a mass of clickable links to external PDF files clustered on a handful of free-hosting domains (weebly.com, filesusr.com, strikinglycdn.com, sqhk.co), with https://lozipotod.ru/123?utm_term=dorsal+and+ventral+body+cavities+worksheet as the primary outbound URL. The utm_term value and the truncated document text both point to an SEO-poisoning lure built around educational worksheet content: the file exists to catch users searching for that worksheet and route them into the lozipotod.ru redirect chain. None of the listed heuristics reports JavaScript, a launch action or other active content in this sample, so the T1059.007 mapping should be treated as tentative; the practical risk is the outbound link, not code execution on open.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (5)

  • Small PDF contains mass external PDF link farm (severity: critical, id: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, id: CLAMAV_DETECTION)
    ClamAV detected this file as malware under the signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
  • External URI (severity: info, id: PDF_URI)
    PDF contains an external URL action.
  • Object number defined twice with different bodies (severity: info, id: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content; here it stays at info, meaning the redefined body carried none.
  • Embedded URL (severity: info, id: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Primary URL: https://lozipotod.ru/123?utm_term=dorsal+and+ventral+body+cavities+worksheet
    • https://leburivirabilaz.weebly.com/uploads/1/3/1/4/131453170/waruvu.pdf
    • https://jawuvufos.weebly.com/uploads/1/3/4/8/134856807/565018.pdf
    • http://turistik-a.ru/how_to_change_settings_on_petsafe_bark_collaru27ev.pdf
    • https://cdn.sqhk.co/letarezetap/CtjdgtM/fast_money_halftime_report_cnbc_fix.pdf
    • http://blaugrana.ru/swann_smart_security_system_2k_series_1080p_10_cameraecoiv.pdf
    • https://zitewamim.weebly.com/uploads/1/3/1/4/131454986/2117533.pdf
    • https://rapovadok.weebly.com/uploads/1/3/4/7/134705404/zidubun_wigapetazova_xufavareku.pdf
    • https://supokiroxuleniv.weebly.com/uploads/1/3/1/6/131606692/7678062.pdf
    • https://cdn.sqhk.co/jesotipo/giii3ja/29128239726.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://5fb42ee6-a9be-400a-98f2-f9d4b9f720c8.filesusr.com/ugd/1813b3_f0cd2dbea1f34b42a1dec6f033f7fd2c.pdf?index=true
    • https://uploads.strikinglycdn.com/files/89938fee-1c98-4a5f-bec4-c9e5e18d83b2/rovagepaburere.pdf
    • https://8641c524-1fb5-4292-87ed-dd72f64d6c22.filesusr.com/ugd/9b7d8a_06591bf3f7854b9c9c5f6edec1c38c84.pdf?index=true
    • https://49550882-97ce-44db-a38b-6e383bb81149.filesusr.com/ugd/062c90_a4b397dd7fe140ab84267279a8017d91.pdf?index=true
    • https://a6047d18-b57f-4fdc-88fa-dea7715a8642.filesusr.com/ugd/189347_9077868680de45adaf14722ffb6ebd38.pdf?index=true
    • https://cc46d2ba-e7cf-42f8-aa62-b015a0c17ef0.filesusr.com/ugd/d180c3_47d658f7ca8a42859fb9e3e47a35c57e.pdf?index=true
    • https://uploads.strikinglycdn.com/files/054c8601-ae6b-4c9c-bc90-1e20e36abdc8/how_do_i_calculate_number_of_days_in_excel.pdf
    • https://c751e6e8-0850-424d-b14e-d7ae46260796.filesusr.com/ugd/bc1028_4ced972340f74bae99d8fd074442649d.pdf?index=true
    • https://uploads.strikinglycdn.com/files/20a9e814-16f0-43ad-8793-01fa5c046bc5/midogogovawuz.pdf
    • https://uploads.strikinglycdn.com/files/b318e83f-6055-4f8f-b02f-7b23070be9f6/brand_identity_package_price.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    The last seven entries are XMP metadata namespace identifiers and the SIL Open Font License URL, not navigable link targets; the two ascendercorp.com entries most likely come from the name tables of the embedded fonts (Ascender Corp. is a font vendor). None of these should be treated as an indicator.
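The two parser-level heuristics above, PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, can be reproduced with a naive object scanner. The following is an added example written for this page, not code from the analysis platform. It builds a constructed fixture (hypothetical hosts farm-host.invalid, other.invalid and fonts.invalid; minimal PDF object syntax without a valid xref table, so it is not meant to render) containing a link cluster and an incremental update that redefines two objects, then runs both checks over it. The thresholds (256 KB, 10 PDF links, 50% host clustering) and the list of "active" keys are assumptions chosen for the demo, not the platform's values.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# 'N G obj ... endobj' in file order. Naive on purpose: object streams (/ObjStm)
# are not unpacked, and a binary stream containing 'endobj' would cut an object short.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# /URI action targets written as literal strings; escape sequences are left undecoded.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# Keys whose presence makes a redefined object "active" (it can navigate or run code). Assumed list.
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/OpenAction", b"/AA", b"/URI", b"/SubmitForm")


def iter_objects(data):
    """Yield (num, gen, offset, body) for every indirect object definition in the file."""
    for m in OBJ_RE.finditer(data):
        yield int(m.group(1)), int(m.group(2)), m.start(), m.group(3).strip()


def find_duplicate_objects(data):
    """Objects defined more than once with different bodies, with what a first-wins
    and a last-wins reader would each resolve. Severity is raised only when the
    duplicate carries active content, mirroring the heuristic's description."""
    defs = {}
    for num, gen, _off, body in iter_objects(data):
        defs.setdefault((num, gen), []).append(body)
    findings = []
    for key, bodies in defs.items():
        if len(set(bodies)) < 2:
            continue
        active = any(k in body for body in bodies for k in ACTIVE_KEYS)
        findings.append({"obj": key, "definitions": len(bodies),
                         "first_wins": bodies[0], "last_wins": bodies[-1],
                         "severity": "high" if active else "info"})
    return findings


def extract_uris(data):
    """All /URI targets in file order (link annotations, /AA and /OpenAction alike)."""
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(data)]


def link_farm_check(data, max_size=256 * 1024, min_pdf_links=10, cluster_ratio=0.5):
    """Flag a small PDF whose outbound links mostly point at .pdf files on one host.
    Thresholds are assumptions for this demo, not the analysis platform's values."""
    uris = extract_uris(data)
    pdf_links = [u for u in uris if urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).netloc for u in pdf_links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    clustered = bool(pdf_links) and top_count / len(pdf_links) >= cluster_ratio
    return {"size": len(data), "links": len(uris), "pdf_links": len(pdf_links),
            "top_host": top_host, "top_host_links": top_count,
            "flag": len(data) <= max_size and len(pdf_links) >= min_pdf_links and clustered}


def build_sample():
    """Constructed fixture (hypothetical hosts, minimal object syntax, no valid xref).
    12 PDF links on one host, 2 on another, 1 non-PDF link, then an incremental
    update that redefines objects 3 and 4."""
    uris = ["https://farm-host.invalid/uploads/%d/%d.pdf" % (i, i * 7919) for i in range(12)]
    uris += ["http://other.invalid/a.pdf", "http://other.invalid/b.pdf", "http://fonts.invalid/"]
    objs = [b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj",
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
            b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj",
            b"4 0 obj << /Producer (generator v1) >> endobj"]
    for n, u in enumerate(uris, start=10):
        objs.append(b"%d 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (%s) >> >> endobj"
                    % (n, u.encode()))
    original = b"%PDF-1.4\n" + b"\n".join(objs) + b"\n%%EOF\n"
    # Incremental update: object 3 gains a page-open /AA action (active content), while
    # object 4 only changes a string (the benign body-only difference the heuristic tolerates).
    update = (b"3 0 obj << /Type /Page /Parent 2 0 R "
              b"/AA << /O << /S /URI /URI (https://farm-host.invalid/123) >> >> >> endobj\n"
              b"4 0 obj << /Producer (generator v2) >> endobj\n%%EOF\n")
    return original + update


if __name__ == "__main__":
    pdf = build_sample()
    for f in find_duplicate_objects(pdf):
        print("duplicate object %s x%d severity=%s" % (f["obj"], f["definitions"], f["severity"]))
        print("  first-wins:", f["first_wins"].decode())
        print("  last-wins: ", f["last_wins"].decode())
    print(link_farm_check(pdf))
```

On a real sample, replace build_sample() with the file's bytes. The scanner is deliberately minimal: it does not inflate compressed streams or unpack object streams, so a PDF that hides its link annotations or its redefined objects inside /ObjStm containers would need those decoded first (qpdf --object-streams=disable, or a proper parser) before the same two checks apply.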

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000ea20.bin
  SHA-256: 7b34e203b4e8853ef53d7b3dbea1d97c133b3b768af812ecf7ad3ecf7ae196d4
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xEA20
  Size: 5484 bytes

Filename: font_01_sfnt_off0000fcdc.bin
  SHA-256: 1768efb522529e33fd3095417ad0ce09b3d2a4467bcb74009df6d32ce8325952
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xFCDC
  Size: 10192 bytes

Both artifacts are embedded font programs, as expected from a wkhtmltopdf-generated file; no embedded file, script or other payload stream was carved from the sample.