Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://kuzutuzo.ru/wix?keyword=wow+vanilla+leatherworking+recipes

  • https://cdn.sqhk.co/soxobiwefili/BjaB9DO/dixie_horn_kit_for_sale.pdf
  • https://cdn.sqhk.co/vopofuxo/F1t4hah/nightclub_story_mod_apk_money.pdf
  • https://cdn.sqhk.co/xafazunusa/9ifDhhS/84406816832.pdf
  • https://cdn.sqhk.co/danuzenanini/wAVjfji/juzerigaxumigedexebonomu.pdf
  • https://cdn.sqhk.co/letarezetap/6hdigjb/calligraphy_fonts_free_marathi.pdf
  • https://static.s123-cdn-static.com/uploads/4383806/normal_6006a61d3df21.pdf
  • https://cdn-cms.f-static.net/uploads/4379969/normal_5fd9937e71b27.pdf
  • https://cdn-cms.f-static.net/uploads/4391954/normal_6033374917495.pdf
  • https://cdn.sqhk.co/miwizawi/UIqEsic/juventus_news_24_twitter.pdf
  • https://cdn.sqhk.co/duzimisese/hivNhc7/spooky_scary_skeletons_sheet_music_french_horn.pdf
  • https://cdn.sqhk.co/tixukiko/d5jignu/58791724393.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/9ec9819b-9218-452d-8dd6-15366662856b/8230029433.pdf
  • https://33fe1336-4051-433c-b691-b763732126dd.filesusr.com/ugd/6c8f37_da9688ceb0c647c19415d6b7e4d987e3.pdf?index=true
  • https://uploads.strikinglycdn.com/files/808667f1-29a8-4d8e-9005-b168bc16a771/xudinabix.pdf
  • https://d525ee04-2a40-494f-8ba9-fee52f7b18ee.filesusr.com/ugd/8b8e24_b8cab118968d407faaeb548ce9468cec.pdf?index=true
  • https://85ed388a-52e0-4e79-9737-9d4b769dda71.filesusr.com/ugd/bb10c5_ed6dc817db3949a19b9e896467dc949a.pdf?index=true
  • https://uploads.strikinglycdn.com/files/c6c897a8-536f-4834-9c1d-5fd2a2c2960c/ihip_elite_bluetooth_headphones_instructions.pdf
  • https://uploads.strikinglycdn.com/files/46411501-f561-408e-8730-775cbe4b8a16/how_much_is_uscis_filing_fees.pdf
  • https://e29f0852-aa8c-4fc4-a5db-fcd144ab7086.filesusr.com/ugd/b730be_1ad04c7c0a6543b7b0c33b45b50ed878.pdf?index=true
  • https://d21da297-2d1c-4020-882f-059d99c29dc9.filesusr.com/ugd/3724a2_d2911fcd9b0f4d2992898ca35991460a.pdf?index=true
  • https://uploads.strikinglycdn.com/files/cc06b0f0-4d15-48e0-9af7-17ad83bcab97/princess_bedtime_stories_to_read_free.pdf
  • https://6bc61794-ec17-45f1-96eb-8bed4cd57308.filesusr.com/ugd/217b8a_4812536868e5485088437192deb1c585.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.