Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://golowaki.ru/123?utm_term=professional+cv+template+doc+free PDF link annotation

  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://rejinivak.rf.gd/aap_se_milkar_song_pagalworld.pdfIn PDF document text
  • https://6f81cef9-66a2-447d-9e1d-4c0427ef15c5.filesusr.com/ugd/4d935e_593884706fdc42bb9cd5a4df7e44a9e3.pdf?index=trueIn PDF document text
  • https://1e16f6d7-285b-4488-bf07-d3e24ac90e20.filesusr.com/ugd/417718_7b6577d7fc6e4fda90884fdcfe229e33.pdf?index=trueIn PDF document text
  • https://7ef5d8b8-74ac-4e0a-b0a0-fa61ca6462a8.filesusr.com/ugd/23e9be_53b0975f1dbb4147bcdb8763b14dad6c.pdf?index=trueIn PDF document text
  • https://d2d87fd5-5f4d-49aa-ab3c-2263ce4b5d22.filesusr.com/ugd/9169d2_db98009a7f7f480591f0ad5e2165826c.pdf?index=trueIn PDF document text
  • https://144c9d4d-401b-437b-b89f-6a5816d7da47.filesusr.com/ugd/cd33f5_91f57010490c43a8a919944899023924.pdf?index=trueIn PDF document text
  • https://71bfc0c6-4bef-405a-aee6-9e9dcaab3d12.filesusr.com/ugd/708cfd_c4d3c75dc9aa4465b69fd2e11f2d9466.pdf?index=trueIn PDF document text
  • https://01d67eed-50ba-4ccb-8f82-c1581f7ed07e.filesusr.com/ugd/e3325f_df785b09f1874b819d488a97f05a4ad8.pdf?index=trueIn PDF document text
  • https://24451074-f53b-4065-993c-779ba3957988.filesusr.com/ugd/0ae25f_8c11d30543cc47d4b4539538c5cc92af.pdf?index=trueIn PDF document text
  • https://07bd7893-a6ec-44d5-90fe-c719e602c0bd.filesusr.com/ugd/aafaff_ec63ac569c3d43ca9fe96c3e2b5bb561.pdf?index=trueIn PDF document text
  • http://fedatowuka.epizy.com/iron_deficiency_anaemia_guidelines_uk.pdfIn PDF document text
  • https://c81c1a69-aec6-471c-ac34-7a6800eafc69.filesusr.com/ugd/9ef1ea_c62edf9f4e7749b496a2afcaf1ba074f.pdf?index=trueIn PDF document text
  • https://e20d271a-53e3-41f9-9180-d6cd5f9fd148.filesusr.com/ugd/6cfc61_39d4678d17094613a0dbc087ec82196b.pdf?index=trueIn PDF document text
  • https://a804c8a8-fdf7-4fba-b19b-c23aecc29597.filesusr.com/ugd/a7074a_bb6ec87bd571449f81347e936c1cf807.pdf?index=trueIn PDF document text
  • http://gusadixesexa.epizy.com/31786666309.pdfIn PDF document text
  • http://musezuw.rf.gd/hollywood_reporter_list_of_top_film_schools.pdfIn PDF document text
  • https://c3e810f9-371e-40b9-9a0b-4695a496ec77.filesusr.com/ugd/2c7c49_c38af03d23f34787bff5006299efac7b.pdf?index=trueIn PDF document text
  • https://e1318bff-d970-45e2-bcea-45481503a18b.filesusr.com/ugd/75a96d_b0edaf2ffea14035b0fea98bb950ed71.pdf?index=trueIn PDF document text
  • http://togipumenotu.epizy.com/tabom.pdfIn PDF document text
  • https://8d94caac-80d5-4f6d-a73a-04ed47837dc1.filesusr.com/ugd/585b1d_4bd34b1f33ed4bbfbec35e42d0916071.pdf?index=trueIn PDF document text
  • http://devepovamijube.epizy.com/bose_qc20_android.pdfIn PDF document text
  • https://91506351-5699-48ce-85e7-8e7d071f4e87.filesusr.com/ugd/d775a9_c2fafec5561b4f32a04855c805df681b.pdf?index=trueIn PDF document text
  • https://109d6476-c6f4-4eee-b84c-907698fb4207.filesusr.com/ugd/0d7ebf_9ef0e79f1b684d1f87f3abb1ec9e5b50.pdf?index=trueIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.