Malicious PDF — malware analysis report

Heuristics 7

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://bologen.ru/strik?utm_term=data+structures+and+algorithms+in+java+michael+t.+goodrich+solutions PDF link annotation

  • http://reduslimitaly-official.site/adobe_flash_cs6_free_download_full_version_with_crack_64_bito6gdy.pdfIn PDF document text
  • https://cdn.sqhk.co/dederubap/eAjjhav/susapowogukujegumivoje.pdfIn PDF document text
  • https://cdn.sqhk.co/jutigurotow/2A0qmhc/jokokavuxot.pdfIn PDF document text
  • https://cdn.sqhk.co/sozodumupof/gicifha/2651460919.pdfIn PDF document text
  • http://job-finder.space/79166275674s01hz.pdfIn PDF document text
  • https://cdn.sqhk.co/durotula/Picjdpu/88192320431.pdfIn PDF document text
  • https://cdn.sqhk.co/vasinabew/LixYibk/pictures_of_floor_tiles_for_kitchen.pdfIn PDF document text
  • https://cdn.sqhk.co/nepelusir/pha8Egc/biochemistry_questions_and_answers_on_lipids.pdfIn PDF document text
  • https://cdn.sqhk.co/sewiboveso/gdsrihr/trains_run_on_time_saying.pdfIn PDF document text
  • https://cdn.sqhk.co/mubogasaven/YTgcVji/nogifevegipaxituxolo.pdfIn PDF document text
  • https://cdn.sqhk.co/tajugajobib/ghhiieO/fodowaxegadosemidenig.pdfIn PDF document text
  • http://myimperfectmomlife.com/marketing_planner_template_exceld172l.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://d5cf7a15-73c9-49c9-ad57-d4f0303abb0c.filesusr.com/ugd/0d002d_4240f87a9e384684b5f714d21858594b.pdf?index=trueIn PDF document text
  • https://1a447ccf-a6a5-490c-ad31-399ae8169532.filesusr.com/ugd/cf5184_5ba87ce0ba5b4c048f5219d5a2b82b4a.pdf?index=trueIn PDF document text
  • https://2a04f01a-7147-4793-98aa-b59dc93e6f96.filesusr.com/ugd/efcdeb_8f5c7087a6074299a2f1d7bc1b5fd974.pdf?index=trueIn PDF document text
  • https://c4a0f302-b060-43a0-af10-a0364da5eca7.filesusr.com/ugd/c6d327_14229531f510470f8944a02c58b85433.pdf?index=trueIn PDF document text
  • https://21e323bd-7fdd-46e9-a6c7-4880e76d7610.filesusr.com/ugd/0a51c1_e4e994d0e59049649c9d632306e4ff8a.pdf?index=trueIn PDF document text
  • https://c6f55193-7475-4343-97dd-33cb3b141b6a.filesusr.com/ugd/808d8c_826bb14c1027439494cd5f47462314a5.pdf?index=trueIn PDF document text
  • https://0f7a2101-273c-4f7f-b1fd-079d1ad923c1.filesusr.com/ugd/a7ea6f_d18eae75153f4b27aabd2ef8ad98e8fc.pdf?index=trueIn PDF document text
  • https://86b7bb9a-6a0b-496c-a062-e8aa60c365d0.filesusr.com/ugd/dcf311_0389ba1eddb847a1ace356dc0f4589b3.pdf?index=trueIn PDF document text
  • https://21e323bd-7fdd-46e9-a6c7-4880e76d7610.filesusr.com/ugd/0a51c1_30d5093376c24c7ea28c0e08459b2a35.pdf?index=trueIn PDF document text
  • https://e18e6c05-101e-4f41-9c4d-f518aea09dbb.filesusr.com/ugd/7972b3_1821dc5e04c343099b6739f9191e800a.pdf?index=trueIn PDF document text
  • https://e1eccfe9-8888-4f52-a155-e9c8e84e0752.filesusr.com/ugd/4fb05f_60fc55b3eb714476abeb4b08774e7e1b.pdf?index=trueIn PDF document text
  • https://e691ad07-92dc-45fa-af10-8929b4045ede.filesusr.com/ugd/87b9a8_dfd569949abd48dfad5c882c138a244a.pdf?index=trueIn PDF document text
  • https://0e01c86c-6ad9-43de-bc04-b8819f410213.filesusr.com/ugd/73c254_4c88ccaa4a7e488ea124adab02e48063.pdf?index=trueIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.