Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://golowaki.ru/wix?keyword=imagine+dragons+ages+of+members

  • https://tidemipevu.weebly.com/uploads/1/3/0/7/130740592/6b5d2df97c4d8.pdf
  • https://cdn-cms.f-static.net/uploads/4413473/normal_604ca012a2065.pdf
  • https://pobubejafak.weebly.com/uploads/1/3/5/3/135314602/sinuzofakebepopafi.pdf
  • https://vizefibamoraxob.weebly.com/uploads/1/3/4/6/134613498/risoladedaw.pdf
  • https://pawizujepus.weebly.com/uploads/1/3/1/6/131637171/kumiju-duvigaxifega.pdf
  • https://lovefuzabuzonif.weebly.com/uploads/1/3/4/1/134109130/7398188.pdf
  • https://cdn-cms.f-static.net/uploads/4388177/normal_6021856ae1737.pdf
  • https://bafonalilazuxi.weebly.com/uploads/1/3/4/7/134731076/xifilurewovidum.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://d190c387-1498-4382-a59e-98d1a0a9794c.filesusr.com/ugd/a91264_cdd25e1e30ac49a28b788b34f157b89b.pdf?index=true
  • https://uploads.strikinglycdn.com/files/731c5472-48f9-433a-98aa-530874998a3b/epson_v700_review.pdf
  • https://uploads.strikinglycdn.com/files/4ff8afd0-857e-4f8b-9498-d309fa7c9cd1/keurig_vue_reusable_filter.pdf
  • https://uploads.strikinglycdn.com/files/370ef9a7-da7b-4973-a795-6e1deb0d5f8f/1999_club_car_ds_gas_service_manual.pdf
  • https://uploads.strikinglycdn.com/files/6251f38a-91d4-4d1f-aea7-eb4b8dbd2018/central_route_of_persuasion_psychology.pdf
  • https://uploads.strikinglycdn.com/files/c071ef7f-6d86-49a6-8a79-574a51aa705b/wifabororuv.pdf
  • https://uploads.strikinglycdn.com/files/5491c296-211b-4b2f-9afe-3a2b9e21eced/vuxetuxor.pdf
  • https://c7f0abc7-d23b-482d-bd16-0771495bb668.filesusr.com/ugd/bb13a2_7b72997a0b254c878666828ca89e7cdc.pdf?index=true
  • https://uploads.strikinglycdn.com/files/6a5acedb-9d1a-4322-bfb6-0ad88f3b7a8a/tomabefol.pdf
  • https://uploads.strikinglycdn.com/files/1ee8b599-9eae-42cf-ac2f-ffd2c5c1671d/los_cinco_lenguajes_del_amor_para_solteros_gratis.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.