Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://ponafet.ru/strik?utm_term=graphic+designer+job+kochi+indeed

  • http://fsbsiod.com/stryker_ambulance_stretcher_pricet2srg.pdf
  • http://apple-fruit.space/breathe_in_the_heights_lyrics_karaokevlllv.pdf
  • http://air-calm2.club/20000_most_common_english_words_listobqqr.pdf
  • https://niwesebo.weebly.com/uploads/1/3/4/4/134401773/7f3138f.pdf
  • http://covid-19online.site/39078106611958tc.pdf
  • http://italywow.info/linajafoxiwoporojikemitakollmy.pdf
  • http://cyberlife.store/80307784511myfw3.pdf
  • https://kasezikibojeg.weebly.com/uploads/1/3/1/8/131871727/2b3f03d5c65c.pdf
  • https://purigimotefejis.weebly.com/uploads/1/3/4/3/134308192/mirake.pdf
  • http://acupofjacob.com/wamixafi8xoic.pdf
  • http://reduslimitaly-ufficiale.site/what_is_the_moral_of_the_story_why_mosquitoes_buzz_in_peoples_earsez0ue.pdf
  • https://jekodijup.weebly.com/uploads/1/3/4/4/134490718/duvaxewedapere.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/f12aad83-fdfc-4dc1-9e06-9a42809c5b10/66842610827.pdf
  • https://uploads.strikinglycdn.com/files/9c300ad7-3d02-444e-9e15-93b3e20d9f01/what_does_roger_look_like_in_thank_you_maam.pdf
  • https://uploads.strikinglycdn.com/files/b3224023-071a-4afe-9ffd-3356be346897/datumo.pdf
  • https://uploads.strikinglycdn.com/files/42a54590-f030-4c3e-92a8-7764810779b3/93056656164.pdf
  • https://uploads.strikinglycdn.com/files/01492aa3-7c95-4424-98bb-778b6e021f95/are_any_cast_members_of_gone_with_the_wind_alive.pdf
  • https://uploads.strikinglycdn.com/files/38f4d7e2-790e-44bb-ad51-6152d3ea2f14/jokobuvo.pdf
  • https://24976a62-ea59-4ca6-8500-d0bd08f9a094.filesusr.com/ugd/65a075_0a0a7c2ce78544ac8882076ac2fb38f6.pdf?index=true
  • https://9169454a-6e45-4b39-89c4-5cd9bf0a6084.filesusr.com/ugd/32fbc8_a030f2e70bfb4f16afdca2f5b4909e4d.pdf?index=true
  • https://uploads.strikinglycdn.com/files/9bb8d968-ed00-4504-ae80-cab0725823e1/what_causes_sunspot_cycle.pdf
  • https://uploads.strikinglycdn.com/files/c9774857-bf28-4c06-9868-126b1f9add4f/linux_server_commands_cheat_sheet.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.