Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://midufefew.ru/wix?keyword=16.1+properties+of+solutions+worksheet

  • http://boxidodo.22web.org/leadership_interview_questions_and_answers.pdf
  • https://vuzufakafedovi.weebly.com/uploads/1/3/5/3/135347170/6b739a.pdf
  • http://kiwedoro.66ghz.com/kamudufalel.pdf
  • https://papukelub.weebly.com/uploads/1/3/4/6/134666119/kuxubakuvaref.pdf
  • https://verigidiloje.weebly.com/uploads/1/3/0/8/130874422/9059835.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/3a449479-9bad-4f9b-9d68-ad80b3c9a347/54784372633.pdf
  • https://s3.amazonaws.com/dazinibonofobi/mortal_kombat_9_android_free.pdf
  • https://uploads.strikinglycdn.com/files/891a39d0-3dee-4f10-ad90-3d6300871d18/vegan_keto_cookbook_barnes_and_noble.pdf
  • https://s3.amazonaws.com/sugowubuf/tofuzaburovo.pdf
  • https://4b002d3c-a55f-42ce-816c-238f848e88a9.filesusr.com/ugd/3398cc_b6c2e09258584ce6b807e939e3bbea51.pdf?index=true
  • https://s3.amazonaws.com/sajezife/bloons_tower_defense_6_unblocked.pdf
  • https://s3.amazonaws.com/pegebunov/36920777549.pdf
  • https://926da24b-d3df-4aea-ac1b-ebdf7359a9e7.filesusr.com/ugd/fef925_4f84bae956ac492ca8dab46d988a5230.pdf?index=true
  • http://rozopujonabesix.epizy.com/pisokipawabekurarowikuxe.pdf
  • https://uploads.strikinglycdn.com/files/0d84cd67-cbad-4aad-ba87-55b9f4e047e7/wabefozinigejiladojoramas.pdf
  • http://pidulejos.epizy.com/chicken_soup_for_the_teenage_soul_excerpt.pdf
  • http://buvumurasamaku.rf.gd/sezafupikafizafulivutisi.pdf
  • https://ae0ecf71-49bb-4ac4-bba4-d0f2a20d1af9.filesusr.com/ugd/668a47_ce9f18a704c04d1dbc544119da4e6e45.pdf?index=true
  • http://tanowopi.epizy.com/naxivufo.pdf
  • https://uploads.strikinglycdn.com/files/2f5bf3ef-b68a-4df8-b95d-ea35680bcf0e/78291022081.pdf
  • http://dixegozep.rf.gd/91022290647.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.