Malicious PDF — malware analysis report

Static analysis result for SHA-256 b268e2efd5495970…

Verdict: MALICIOUS
File type: PDF
Size: 75.9 KB
Created: 2021-06-11 13:21:38 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: faed13efc089a27f1687038fa244ca1b
SHA-1: 6612cd8ca14d23a067e13e97585dae570f567f2e
SHA-256: b268e2efd54959705c5acb64a66df1aa307038c344401be2769a7e02a1e23555
Risk score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains a large number of embedded external links, with one pointing to a suspicious domain ('philabc.ru') that is likely part of a phishing or SEO spam campaign. ClamAV detection and ML classification strongly indicate malicious intent, specifically as a phishing trojan. The presence of embedded links suggests an attempt to redirect users to malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9990

Heuristics (5)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://philabc.ru/pbw?utm_term=genshin+impact+latest+update+apk (in PDF link annotation)
    • https://nudoguku.weebly.com/uploads/1/3/5/3/135306062/dulelewazojanat-vimabokevu-rubisaluxuzomo.pdf (in PDF document text)
    • https://lukawonudos.weebly.com/uploads/1/3/5/3/135320707/kemeno-roratupeb-rigigole-jiwojuxi.pdf (in PDF document text)
    • https://mipurilor.weebly.com/uploads/1/3/1/0/131071035/rajolopuzese-xugoma-lodobogofibixor.pdf (in PDF document text)
    • https://jabikazisejifo.weebly.com/uploads/1/3/1/6/131606509/331067.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://uploads.strikinglycdn.com/files/ff572ac3-6f28-4e68-8ccc-11db092f12d4/youll_be_perfect_when_youre_dead.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/160c86db-f2ef-4f34-a60b-929672602ca0/zoluboduwaj.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/17d0f55c-38cd-4886-a695-5f370faff00f/zuzurigavor.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/f91b1669-3a8b-4ca4-b31a-72814e370239/spanish_words_common_phrases_and_grammar.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/77f37199-aa67-4f61-88ff-b20224a97017/20096803046.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/354e405e-6396-47c4-a081-d012b45f50bc/550_paracord_dog_leash_instructions.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/8ee7fcce-f2c0-487c-96e8-3e8a2fcc4efe/the_contrarians_guide_to_leadership_summary.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/366641c0-37c5-4679-bc7f-68d060351711/specialized_bike_computer_sport_manual.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/7909bd83-33cf-48a5-83d9-0c8ada90265f/what_message_does_romeo_urge_the_nurse_to_give_to_juliet_lines_163-166.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/e6fd9171-4d4c-41cf-8363-99533802b6db/song_of_ice_and_fire_book_6_ending.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/46a1410a-7db9-4a83-ba6b-e8bb041653bd/whirlpool_duet_washer_broken_start_button.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/735f9b00-5084-4aa2-b8b5-984d0c8eb534/sejisulenoxezeraxagim.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/735bf98c-ba46-47de-8a9c-b99728f6a048/bivekomozerized.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/9dd1b703-3995-4df3-a7e0-aa8672c93514/76896619905.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/0ccbd0d5-347f-464d-97cb-d10525093e56/kotor_2_companions_influence_guide.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/60d5bc1b-6568-49ce-8c54-4ecbe222cf61/rojilap.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/977868d3-7a36-41ee-813e-420b279b32af/98332475698.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/ad10d234-6672-4965-a008-77a59cc00cf6/fowugolatoluzojekuwamul.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/b9682511-b44d-4d3b-87b1-6b7a04b22bd6/rutolunujobumuruvopi.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/04331490-dc3f-491c-ba26-febd3872fbba/16783973482.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/cdbd2798-7f2a-45ca-ace9-6df0afb255f6/free_summer_bunco_score_sheet_template.pdf (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000edab.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xEDAB
    Size: 5312 bytes
    SHA-256: 2409ee293fde4826c5bf335a5194eb468ee82e70bef7847fb3189d0a9b688c0a
  • Filename: font_01_sfnt_off0000ff93.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xFF93
    Size: 10100 bytes
    SHA-256: f969d748e6adeaa26c9f2e5b2405ca515728375db3dd9328e49d5b2e3b4feda4