Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://queure.ru/pbw?utm_term=introduction+to+radiologic+technology+8th+edition

  • https://divugukapo.weebly.com/uploads/1/3/4/7/134706398/d0a3027ceaa8.pdf
  • https://cdn-cms.f-static.net/uploads/4453551/normal_60433fffe0f0c.pdf
  • https://pisubamu.weebly.com/uploads/1/3/0/7/130740412/3015950.pdf
  • https://cdn-cms.f-static.net/uploads/4460950/normal_6045028ada0c0.pdf
  • https://static.s123-cdn-static.com/uploads/4495039/normal_5fe3e55496417.pdf
  • https://vijivavepedu.weebly.com/uploads/1/3/4/3/134313627/sogovelezixuvu.pdf
  • https://vizegibog.weebly.com/uploads/1/3/4/4/134458583/291e0ea997.pdf
  • https://liburesaxus.weebly.com/uploads/1/3/4/3/134372769/a00bc3e349e.pdf
  • https://static.s123-cdn-static.com/uploads/4490917/normal_5fcd04e11cf9f.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://xojifot.pbworks.com/f/what_does_1231_mean_in_time.pdf
  • https://uploads.strikinglycdn.com/files/11fec4fc-f1bc-41ef-9d21-6ea8c539a994/kixitizipofovafuxuku.pdf
  • https://uploads.strikinglycdn.com/files/ddf9d0c6-4cc4-4f3d-8561-55ac900557d4/10176592456.pdf
  • http://kufujibumufa.pbworks.com/w/file/fetch/144424044/english_file_upper_intermediate_students_book.pdf
  • https://uploads.strikinglycdn.com/files/bb34e93b-f584-4bcd-b51e-48b13526838c/derebalebesidixopovedaw.pdf
  • https://uploads.strikinglycdn.com/files/0754b124-8b91-4764-9ddc-d023ab1e2ff0/bivubesuxerazatefawa.pdf
  • https://uploads.strikinglycdn.com/files/110c4d96-56c2-426c-a528-542fb9a47a23/71426741991.pdf
  • https://uploads.strikinglycdn.com/files/79f34d08-da14-4c1d-81a5-de2e49a5de04/youth_soccer_strength_and_conditioning_program.pdf
  • https://uploads.strikinglycdn.com/files/47a8047f-8cd0-4c48-9298-2357128e11ee/att_remote_not_turning_off_tv.pdf
  • http://mosijiv.pbworks.com/f/xulafaporixeg.pdf
  • https://uploads.strikinglycdn.com/files/d6e73f49-55d6-44dd-84bc-28e506169fb4/how_to_screen_for_borderline_personality_disorder.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.