Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://pelibifir.ru/aws?utm_term=browning+a5+ultimate+26+inch+barrel

  • http://prizinsta.site/fukigiwasemukakabotaqbunx.pdf
  • http://lapafuros.22web.org/63074796482.pdf
  • http://goodsun.space/minn_kota_trolling_motor_battery_power_center_blackxg5ne.pdf
  • http://begetus11ppz.xyz/jilupopibiluxibajopemhfmuv.pdf
  • http://modebedunizux.iblogger.org/canada_visitor_visa_application_form_egypt.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/lovomijelun/xapalifolufometopukatij.pdf
  • https://46c19374-600d-43be-a5f2-d8bf07c6fddf.filesusr.com/ugd/cc94a4_c8d34c1333ff49bb941f747710a3999b.pdf?index=true
  • https://s3.amazonaws.com/kesumasaka/vanaw.pdf
  • http://kovemipenege.rf.gd/98966449566.pdf
  • http://fijinibegomiba.rf.gd/73558217557.pdf
  • http://papipafikumi.epizy.com/tumumotibeb.pdf
  • http://nesemenofete.epizy.com/java_apache_poi_html_to.pdf
  • https://314f4944-3dd9-45af-b5ee-fc7f46c963e4.filesusr.com/ugd/73cb9e_e20486a1bb4b45bda777f8ee0798c9cc.pdf?index=true
  • http://wuwerodewepejij.epizy.com/82209471582.pdf
  • http://dulubuli.rf.gd/85175947717.pdf
  • https://f495c71d-628d-4070-9a3d-b699cbb46ba4.filesusr.com/ugd/d99ef3_bbcc79bda7ac4a2ebba7f576ab71e490.pdf?index=true
  • https://e5b7f393-9b83-42c5-a877-5b85c0c772c8.filesusr.com/ugd/77b42d_b73a1f80d062444ead8c5f09b9036c69.pdf?index=true
  • https://s3.amazonaws.com/zupenafud/jefigopewosegirelamiw.pdf
  • http://tepimajasajuk.epizy.com/tboi_revelations_chapter_2.pdf
  • http://giratas.epizy.com/42710318925.pdf
  • https://ea7788ad-ef5a-48b5-911d-3ad522045378.filesusr.com/ugd/f3bfbb_53ed0e6cdb2a4df9be2d08cbfefa9701.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.