Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://bologen.ru/wix?keyword=bridgerton+happily+ever+after+pdf

  • http://lotukaguw.sportsontheweb.net/applied_mergers_and_acquisitions_bruner_free_download.pdf
  • http://wulutapebime.getenjoyment.net/biometria_hematica_en_el_embarazo.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/e1c63d0d-015a-4f48-b0da-ac0396ade3c8/96758243851.pdf
  • https://ec560393-4650-4708-bf0c-d08fceb8458c.filesusr.com/ugd/ca69db_aafd054a94054021a5aefa95785817f0.pdf?index=true
  • https://uploads.strikinglycdn.com/files/c20bf8a5-dd71-42ed-a398-50922bba0485/dbt_training_2020_online.pdf
  • https://6ec3981f-6443-463b-a164-91fc69f101d9.filesusr.com/ugd/7603ae_fd56341735da478a8aa782e657af911d.pdf?index=true
  • https://uploads.strikinglycdn.com/files/44166030-0f1e-497b-8163-01cec11a1571/joe_brown_ill_see_you_in_my_dreams_ukulele_tab.pdf
  • https://uploads.strikinglycdn.com/files/2c5b02e7-048f-4ee8-b9bb-1a2b7e7061e4/pagolutawake.pdf
  • https://s3.amazonaws.com/sazixipame/11878690678.pdf
  • https://s3.amazonaws.com/resixexi/asphalt_8_cheat_engine.pdf
  • https://uploads.strikinglycdn.com/files/d0aadc17-266f-4886-8981-c258c67240e6/jogekovopofuz.pdf
  • https://1a9cd40a-f0d6-44d4-a143-19288280ca2b.filesusr.com/ugd/7a13df_bcb11a2468474968b25cad7a648c72cd.pdf?index=true
  • https://uploads.strikinglycdn.com/files/53efdcc5-ab82-4fe5-b37f-096158d96b4c/guardian_underground_fence_collar_instructions.pdf
  • https://s3.amazonaws.com/nakuzafol/what_is_the_rule_that_describes_this_pattern_of_numbers.pdf
  • https://s3.amazonaws.com/minegikukovel/forbes_travel_guide_2018_hong_kong.pdf
  • https://uploads.strikinglycdn.com/files/f8c63e0d-ebcb-4012-a658-38dfa72c3c55/55179039913.pdf
  • https://s3.amazonaws.com/mesotodimus/35266031579.pdf
  • https://uploads.strikinglycdn.com/files/0197091e-ac8d-4e00-9223-cd325482fc86/what_is_the_role_of_social_studies_in_social_interaction.pdf
  • https://e22e8d81-f41f-4d51-abb1-39b19d2d32bb.filesusr.com/ugd/96bf9d_564bd463f6a1484eb7599cbd41cbb5b9.pdf?index=true
  • https://uploads.strikinglycdn.com/files/b4062376-6c73-464e-a03c-248c5a961698/comcast_cable_box_ethernet_port.pdf
  • https://s3.amazonaws.com/fosalizuzu/aludecor_acp_sheet_dealer_in_bangalore.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.