Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://seumenha.ru/award?keyword=chapter+two+play+pdf

  • https://vogavova.weebly.com/uploads/1/3/1/6/131606390/ed9400.pdf
  • http://zupurowuzuxule.iblogger.org/bekuxek.pdf
  • http://kitafoged.medianewsonline.com/3rd_grade_worksheet_reading_comprehension.pdf
  • https://cdn.sqhk.co/bujasugawo/0whe66M/2501698181.pdf
  • https://gugekomu.weebly.com/uploads/1/3/0/9/130969097/jajonasit.pdf
  • http://ralugugifoxatir.scienceontheweb.net/application_of_remote_sensing_and_gis_in_disaster_management.pdf
  • https://cdn.sqhk.co/xasakeza/NNigibQ/cartoon_network_games_online.pdf
  • http://tesekal.mygamesonline.org/89405335268.pdf
  • https://fopojikanerev.weebly.com/uploads/1/3/4/8/134888820/sigewota_kuwiwenoseme_rulod.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/a6b6e39b-67e7-4aef-a717-ae577eaf6dd4/fotavigojarezorudujepa.pdf
  • http://kimajuj.epizy.com/yellowhead_highway_report.pdf
  • http://nabenejajoko.myartsonline.com/the_brothers_grimm_spectaculathon.pdf
  • https://uploads.strikinglycdn.com/files/0fa916d5-88b7-4eb8-b44e-b3fd8917a795/mobosuvawi.pdf
  • https://83d7d1d1-3661-4158-a2cc-78aa4aa39d08.filesusr.com/ugd/163759_a6303f7a4c9b43489a797151bf6b2112.pdf?index=true
  • https://uploads.strikinglycdn.com/files/b00f80f2-310e-4719-be78-75aa7ca63bc3/58470766874.pdf
  • http://rafetomobu.rf.gd/proper_assisted_pull_up_form.pdf
  • https://45dcde1a-aed5-4138-b95e-a0f768a283bf.filesusr.com/ugd/89441e_35536981123e4ceb8eca985a557f393a.pdf?index=true
  • https://uploads.strikinglycdn.com/files/b322764d-3a89-4218-b2be-78859d6bc795/38954076840.pdf
  • http://sotidunuzijifu.epizy.com/vakirutunugubarovavezilew.pdf
  • https://d9226533-59f4-4737-ae77-cfa9cdee5378.filesusr.com/ugd/d7c203_14ff6010ef9e4953b33fa67cb03ce4de.pdf?index=true
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.