Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://vilenefex.ru/123?utm_term=angular+2+template+driven+form+validation

  • https://rowusebejaron.weebly.com/uploads/1/3/1/6/131637242/748167.pdf
  • https://cdn-cms.f-static.net/uploads/4389582/normal_60bc63b8b69db.pdf
  • https://samarobiratepiw.weebly.com/uploads/1/3/5/3/135327643/3490734.pdf
  • https://cdn-cms.f-static.net/uploads/4382189/normal_604026e5e55e4.pdf
  • https://cdn-cms.f-static.net/uploads/4365542/normal_601ab3d8e0fb8.pdf
  • https://xenifopiri.weebly.com/uploads/1/3/4/5/134507673/dumisaxasopemux-lewufodamivemo.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/00b8a63c-1212-4fdf-a570-fe886aad3ec4/sansui_tv_remote_programming_codes.pdf
  • https://uploads.strikinglycdn.com/files/d95719a0-6b19-4317-8707-1e68f6b69993/56529687100.pdf
  • https://uploads.strikinglycdn.com/files/74968841-7371-4ad5-b26e-1d4bd7786437/nolabosomefuduja.pdf
  • https://uploads.strikinglycdn.com/files/be9377e5-7753-4a38-a6d3-c4dcd4760b1a/werenewusikeravaro.pdf
  • https://uploads.strikinglycdn.com/files/f7602b39-ac95-4408-aa13-1fc7283b8ba5/303030700.pdf
  • https://uploads.strikinglycdn.com/files/2c8f4b98-a679-4427-b1e2-a74e69905a91/lexus_300_is_f_sport.pdf
  • https://uploads.strikinglycdn.com/files/ca51fa19-36c6-41ad-b67d-4d1280d09d29/britax_car_seat_forward_facing_recline.pdf
  • https://uploads.strikinglycdn.com/files/fb8e05c0-6e40-4675-9a66-c3c7c04637fb/que_significa_tener_anticuerpos_de_coronavirus.pdf
  • https://uploads.strikinglycdn.com/files/29355f18-c6fb-4f47-bd8c-8e8fa11c1cf0/wenujexogabowotenus.pdf
  • https://uploads.strikinglycdn.com/files/7f490fc7-45eb-41fa-85b8-cae0f47a8809/21323045649.pdf
  • https://uploads.strikinglycdn.com/files/62d771d2-8908-48cd-b165-77ca485c8a52/68365951768.pdf
  • https://uploads.strikinglycdn.com/files/eaaf2c20-25de-4720-9407-49399a17e74a/figure_drawing_for_dummies.pdf
  • https://uploads.strikinglycdn.com/files/4bbc8266-a5ee-4d2b-b2ca-ea867ba83590/fajawumurap.pdf
  • https://uploads.strikinglycdn.com/files/6ae5fb68-9f09-4c6a-820e-ccfb893a9339/65522952276.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.