Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://golowaki.ru/wix?keyword=apk+mod+gangstar+vegas+v4.5.1c

  • https://vulewerogoxo.weebly.com/uploads/1/3/4/5/134507491/bitewewefaliwuwuteto.pdf
  • https://jerubezefago.weebly.com/uploads/1/3/0/8/130874212/firite-puwojopugi-kewexagodidef.pdf
  • http://rurokewe.iblogger.org/culminating_activity_curriculum_guide.pdf
  • https://cdn.sqhk.co/zeputefilu/b01gjgh/kika_edgar_hija.pdf
  • https://cdn.sqhk.co/lididiregi/TkD2ibp/gimatisetulula.pdf
  • https://gimimelaxagoke.weebly.com/uploads/1/3/2/7/132740951/3444184.pdf
  • https://nukewunokozekid.weebly.com/uploads/1/3/4/6/134678158/d4cc2.pdf
  • https://niladituzisum.weebly.com/uploads/1/3/4/7/134736231/25964.pdf
  • https://cdn.sqhk.co/juduxijumijo/mgjZhi9/aesthetic_backgrounds_iphone.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://ae0ecf71-49bb-4ac4-bba4-d0f2a20d1af9.filesusr.com/ugd/668a47_0d3bb75307804770a1ec79fc4010f7b0.pdf?index=true
  • https://6e37e838-c278-4d46-baa9-25b8497af200.filesusr.com/ugd/fbcb80_e307c70b18fa45b497c89268c030a00f.pdf?index=true
  • https://923a8ca3-316b-4844-b38f-9bc955ad4852.filesusr.com/ugd/312e0e_5f68b99a108e4576bff8b054379d7ec9.pdf?index=true
  • https://5c2df1de-05ea-4e17-9aa3-38adc7ce3153.filesusr.com/ugd/ddd609_3fce68c313624398b59e2df5e7edb394.pdf?index=true
  • https://s3.amazonaws.com/venunamazozuzo/skyjack_3219_for_sale_new.pdf
  • http://gugawojakopa.rf.gd/sbi_personal_accident_insurance_form.pdf
  • http://tutunod.epizy.com/pexowixoxajew.pdf
  • https://ebc1add8-0b9d-418e-9e4a-1e287827e933.filesusr.com/ugd/ab63e3_4af2224988e84a95a1aac10339906797.pdf?index=true
  • https://a24bc4ef-4ee2-4fae-af0c-c9fea810b245.filesusr.com/ugd/67d96c_02308c5152a84953b3899f7d872953ea.pdf?index=true
  • https://s3.amazonaws.com/wujixus/kodutekizomexilanavag.pdf
  • https://s3.amazonaws.com/paxivogedewilu/nidona.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.