Malicious PDF — malware analysis report

Static analysis result for SHA-256 a5ee91e6485f11bf…

MALICIOUS

PDF

Size: 136.2 KB
Created: 2021-03-14 16:16:15 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0e841df3c01c03e51b7a23462feae8a9
SHA-1: e9414ea223a72b7b7262cc878d327e7e8de72be9
SHA-256: a5ee91e6485f11bfc59d59c6d882f7938e56aa74e08742212d56fdb02d7a92ee
Risk score: 98

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9968

Heuristics (5)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI [info] PDF_URI
    The PDF contains an external URI action (a /URI action that opens a resource outside the document when the link is followed).
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (same object number N and generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader therefore resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • ClamAV scan did not complete [info] CLAMAV_SCAN_INCOMPLETE
    The ClamAV scan of this file did not complete (ClamAV error, exit code 2); the verdict therefore reflects only the static heuristics. The result is not cached, so a later submission will retry the scan.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://botokaw.ru/strik?utm_term=history+of+chinatown+singapore
    • http://luminar3-download.xyz/26834433653vhryr.pdf
    • https://cdn-cms.f-static.net/uploads/4383687/normal_602d39a537f80.pdf
    • http://dk-inc.xyz/mikroc_full_indiriildb.pdf
    • https://cdn-cms.f-static.net/uploads/4420451/normal_602026d66c9e0.pdf
    • https://static.s123-cdn-static.com/uploads/4421339/normal_5ff24853183ad.pdf
    • https://cdn-cms.f-static.net/uploads/4403273/normal_602b3d28bc32f.pdf
    • https://cdn-cms.f-static.net/uploads/4376357/normal_601cb6b013778.pdf
    • https://9907981b-0bc7-4fd3-a434-169f7cdadf42.filesusr.com/ugd/575363_179ef0fb6d3d4effb296ee85dfb98c76.pdf?index=true
    • https://uploads.strikinglycdn.com/files/138513f6-4503-4366-96ef-652753e27332/which_indian_food_has_more_calories.pdf
    • https://6a24fdd2-d4a5-4c4b-882b-0f3115751bcf.filesusr.com/ugd/04e6f9_152ee7e9cff2430296ab9fe34100a03b.pdf?index=true
    • http://jopuzasoxu.rf.gd/adobe_photoshop_trial_version_free.pdf
    • https://54a0e2cb-796f-4f80-9aaf-d11633176b06.filesusr.com/ugd/b0c554_fa1a7f58a74644b2a8ba42797470d221.pdf?index=true
    • https://4be8a7ba-6c9a-47a4-99fc-a5961b41a404.filesusr.com/ugd/132250_ba1b3dd86609499ea4af953027ff94f9.pdf?index=true
    • https://uploads.strikinglycdn.com/files/a2fb700c-b075-486f-b46e-56aacbe6c61a/sosateguwukapaz.pdf
    • https://0e9c393c-9feb-4465-ae9d-4486bea7a644.filesusr.com/ugd/4b68be_6cc6b417bbaf4315a09b8c63780751bc.pdf?index=true
    • https://uploads.strikinglycdn.com/files/079f64e9-71bd-4dd2-9e93-1c32ddf54889/davasaverisazumino.pdf
    • http://zaximibirada.epizy.com/28494272258.pdf
    • https://562c2315-396f-49d1-9e45-1236e049cb13.filesusr.com/ugd/ec0012_d7d4b809b0f9483f91a8bf639086a7f2.pdf?index=true
    • https://uploads.strikinglycdn.com/files/584eafdf-6e64-4e46-96bb-e56c4fd8bd4f/lijokategokilitulodikawiw.pdf
    • http://pupisovid.epizy.com/neperinaduxaxax.pdf
    • https://f6180879-d31b-499c-8e42-fead7842c491.filesusr.com/ugd/007227_ccef2d3520e54f6e8b5180bcdd0bc3db.pdf?index=true
    The following six URIs are XMP metadata namespace identifiers (RDF, Dublin Core, Adobe XMP and PDF schemas) rather than clickable links:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
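The two structural heuristics above, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL and PDF_SEO_LINK_FARM, can both be reproduced with a byte-level scan of the file. The Python below is an added example, not the analysis tool's own code: it lists every `N G obj ... endobj` definition, reports object numbers defined twice with differing bodies, resolves the object table under a first-wins and a last-wins policy, decodes `/URI` targets in both literal and hex string form, and scores the small-file, external-.pdf, one-host clustering pattern. The sample PDF, the `.invalid` hostnames and the thresholds (512 KiB, at least 8 `.pdf` links, 60% of links on one host) are constructed assumptions, not the report's rule parameters.

```python
"""Byte-level PDF checks: duplicate object definitions (first-wins vs last-wins)
and a small-file external .pdf link-farm heuristic.  Added example; the sample
PDF, the .invalid hostnames and the thresholds are constructed, not the report's own."""
import re
from collections import Counter
from urllib.parse import urlsplit

# "N G obj ... endobj" in file order.  Stream bodies may legitimately contain the
# bytes "endobj"; a production scanner must honour /Length instead of this regex.
OBJ_RE = re.compile(rb'(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj', re.DOTALL)
# /URI value as a literal (...) string (escapes allowed, no nested parens) or a hex <...> string.
URI_RE = re.compile(rb'/URI\s*(\((?:\\.|[^\\)])*\)|<[0-9A-Fa-f\s]*>)', re.DOTALL)
_ESC = {b'n': b'\n', b'r': b'\r', b't': b'\t', b'b': b'\b', b'f': b'\f'}


def scan_objects(data):
    """Every indirect object definition, including redefinitions appended by incremental updates."""
    return [(int(m.group(1)), int(m.group(2)), m.group(3).strip()) for m in OBJ_RE.finditer(data)]


def duplicate_objects(data):
    """(num, gen) pairs defined more than once with differing bodies -> (first_body, last_body)."""
    bodies = {}
    for num, gen, body in scan_objects(data):
        bodies.setdefault((num, gen), []).append(body)
    return {k: (v[0], v[-1]) for k, v in bodies.items() if len(set(v)) > 1}


def resolve_objects(data, last_wins=True):
    """Model a reader that keeps the last definition (honouring the update) or the first one."""
    table = {}
    for num, gen, body in scan_objects(data):
        if last_wins or (num, gen) not in table:
            table[(num, gen)] = body
    return table


def decode_pdf_string(tok):
    """Decode one PDF string token (literal or hex form) to raw bytes."""
    if tok.startswith(b'<'):
        digits = re.sub(rb'\s', b'', tok[1:-1])
        if len(digits) % 2:                      # odd digit count: final digit is taken as 0
            digits += b'0'
        return bytes.fromhex(digits.decode('ascii'))

    def unescape(m):
        c = m.group(1)
        if c[:1] in b'01234567':                 # \ddd octal escape
            return bytes([int(c, 8) & 0xFF])
        return _ESC.get(c, c)                    # \( \) \\ yield the character itself
    return re.sub(rb'\\([0-7]{1,3}|.)', unescape, tok[1:-1], flags=re.DOTALL)


def extract_uris(data, last_wins=True):
    """URI action targets as the chosen reader policy would resolve them."""
    return [decode_pdf_string(m.group(1)).decode('latin-1')
            for body in resolve_objects(data, last_wins).values()
            for m in URI_RE.finditer(body)]


def link_farm_score(data, last_wins=True, max_size=512 * 1024, min_pdf_links=8, cluster_share=0.6):
    """Small file + many external .pdf links + most of them on one host (thresholds are assumptions)."""
    external = [urlsplit(u) for u in extract_uris(data, last_wins)]
    external = [u for u in external if u.scheme in ('http', 'https') and u.hostname]
    pdf_links = sum(1 for u in external if u.path.lower().endswith('.pdf'))
    top_host, top_n = (Counter(u.hostname for u in external).most_common(1) or [(None, 0)])[0]
    share = top_n / len(external) if external else 0.0
    return {'size': len(data), 'external': len(external), 'pdf_links': pdf_links,
            'top_host': top_host, 'top_share': share,
            'flagged': len(data) <= max_size and pdf_links >= min_pdf_links and share >= cluster_share}


# Constructed sample: eight .pdf links on one host, two elsewhere, then an incremental
# update that redefines annotation object 4 with a different (hex-encoded) target.
FARM_HOST = 'cdn-example.invalid'
SAMPLE_URIS = [f'https://{FARM_HOST}/uploads/{4370000 + i}/normal_{i:02x}.pdf' for i in range(8)]
SAMPLE_URIS += ['http://mirror-a.invalid/download/file1.pdf', 'https://landing.invalid/strik?utm_term=history']
UPDATED_URI = 'https://landing.invalid/strik?utm_term=updated'


def build_sample_pdf():
    """Minimal PDF skeleton (no xref table; enough for a byte-level scanner)."""
    annots = b' '.join(b'%d 0 R' % (4 + i) for i in range(len(SAMPLE_URIS)))
    objs = [b'<< /Type /Catalog /Pages 2 0 R >>',
            b'<< /Type /Pages /Kids [3 0 R] /Count 1 >>',
            b'<< /Type /Page /Parent 2 0 R /Annots [' + annots + b'] >>']
    objs += [b'<< /Type /Annot /Subtype /Link /A << /S /URI /URI (' + u.encode() + b') >> >>' for u in SAMPLE_URIS]
    pdf = b'%PDF-1.4\n' + b''.join(b'%d 0 obj\n%s\nendobj\n' % (n, o) for n, o in enumerate(objs, 1))
    pdf += b'trailer\n<< /Root 1 0 R >>\n%%EOF\n'
    pdf += (b'4 0 obj\n<< /Type /Annot /Subtype /Link /A << /S /URI /URI <'
            + UPDATED_URI.encode().hex().encode() + b'> >> >>\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n')
    return pdf


if __name__ == '__main__':
    pdf = build_sample_pdf()
    for (num, gen), (first, last) in duplicate_objects(pdf).items():
        print(f'object {num} {gen} defined twice:\n  first-wins: {first!r}\n  last-wins:  {last!r}')
    for policy in (False, True):
        print('last_wins' if policy else 'first_wins', link_farm_score(pdf, last_wins=policy))
```

Running the module prints the two bodies of object 4 0 and the link-farm score under each resolution policy; on the constructed sample both policies flag the file, but the URI set a first-wins reader follows differs from the one a last-wins reader follows, which is exactly why a detection that only scans bytes should report both rather than pick one.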