Malicious PDF — malware analysis report

Static analysis result for SHA-256 a9449c9857c2ee57…

Verdict: MALICIOUS
File type: PDF
Size: 78.0 KB
Created: 2021-03-17 20:09:02 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: a44f541b8ec662b6070217d8691bda00
SHA-1: d032698e4f722e898717b8ac621504a48efc4727
SHA-256: a9449c9857c2ee574c918502c95086843e5d838fb2c24fd0c39c2d4c8bbe6e8a
Risk score: 156

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a large number of external links, many of which are SEO-optimized, suggesting a link farm or phishing attempt. The ClamAV detection and ML classifier strongly indicate maliciousness. The embedded URL 'https://nipisod.ru/123?utm_term=best+buy+my+hr+former+employee' is likely part of the lure to direct users to a malicious site.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9996

Heuristics (5)

  • Small PDF contains mass external PDF link farm [critical: PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI [info: PDF_URI]
    PDF contains an external URL action.
  • Object number defined twice with different bodies [info: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info: EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://nipisod.ru/123?utm_term=best+buy+my+hr+former+employee
    • https://cdn-cms.f-static.net/uploads/4447270/normal_60158c18d114a.pdf
    • http://stav-games.ru/line_6_spider_iv_150ieoxe.pdf
    • https://cdn-cms.f-static.net/uploads/4369912/normal_601e3ff26c3af.pdf
    • https://cdn-cms.f-static.net/uploads/4499002/normal_60281e698a368.pdf
    • https://cdn-cms.f-static.net/uploads/4419849/normal_5fd9283241ab8.pdf
    • http://dakisemakegag.sportsontheweb.net/where_is_the_defrost_timer_located_on_a_hotpoint_refrigerator.pdf
    • http://depusapo.mypressonline.com/70492846600.pdf
    • http://idealicait.site/the_archers_omnibus_27_september_202025860.pdf
    • http://prizinsta.online/11403333719s6d7i.pdf
    • http://kzrovk.xyz/vepesetelozvpo8g.pdf
    • https://cdn-cms.f-static.net/uploads/4467577/normal_60345dc84a684.pdf
    • http://life-news.tech/sinojanipitoziba9zyef.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://dab7fb03-f2af-4a8e-9cb9-31de623bedb3.filesusr.com/ugd/58b596_9e6e788832ef43a8a84c3d1f2a46ead3.pdf?index=true
    • https://60f6da8c-824c-4163-aae9-6195f2ac7ed4.filesusr.com/ugd/7f16bd_a819b2ea716848ae949408dcd8697366.pdf?index=true
    • https://s3.amazonaws.com/wofaxil/stephen_hawking_books.pdf
    • https://s3.amazonaws.com/dekogamik/blackberry_9900_whatsapp_apk.pdf
    • https://314a97e4-cc7b-499c-a999-42b15fb65c39.filesusr.com/ugd/fa4a73_1885e7141a7443e4ae42a71e45dc6c35.pdf?index=true
    • https://f37c3615-20b0-4e70-b1e7-2acf34113780.filesusr.com/ugd/1e533a_ba4ae567df6a4aa994243f7eef32882c.pdf?index=true
    • https://1b65b899-5fad-42bd-af9e-a3fb1d6a4c80.filesusr.com/ugd/a2ebd8_3e695af7a8e6412d9903b25c8f0db687.pdf?index=true
    • https://s3.amazonaws.com/kakef/56126534777.pdf
    • https://32cf4326-ba62-484c-a3ca-05d02c2dd2e5.filesusr.com/ugd/0b46e6_3ce8f2ef9b154cc18c78e599944f5d38.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000f32d.bin
    SHA-256: 0e4416d3dca3dfda5fdeaf21002d142b4cd2a7895632a4b46fea5a1b2bbabc5f
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xF32D
    Size: 5220 bytes
  • Filename: font_01_sfnt_off000104cc.bin
    SHA-256: 99972bad38208bc6b7214e70655efd73f8152638c635a6f9b16dd0ace2b8fb5e
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x104CC
    Size: 11036 bytes