Malicious PDF — malware analysis report

Static analysis result for SHA-256 b6dbe5ee29e784e7…

MALICIOUS

PDF

Size: 74.1 KB
Created: 2021-04-01 12:38:13 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 788795e5bbe7c7bf27ad4b39d1800e49
SHA-1: 769588a068ac371375dbad7228fb245260fd7dc9
SHA-256: b6dbe5ee29e784e70c2cf20423608ff881b95d0985cd972f0023a7c131aa7b84
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a large number of external links, most of them clustered on a few hosts and named like SEO-optimized content (keyword-style file names ending in .pdf), which is the pattern of a generated link-farm carrier rather than a normal document. ClamAV flags the file with a Pdf.Phishing.Trojan signature and the ML classifier scores it as malicious. The embedded URLs and the overall structure indicate a document built to redirect readers to third-party sites for further exploitation (phishing or unwanted-software delivery).

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (5)

  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [critical] CLAMAV_DETECTION: ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • [info] PDF_URI: External URI action
    PDF contains an external URL action.
  • [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: Object number defined twice with different bodies
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://maypoin.ru/wix?keyword=finding+latitude+and+longitude+on+a+map+worksheet
    • https://cdn.sqhk.co/nogorodizet/czjbnT8/99797989168.pdf
    • https://cdn.sqhk.co/vatuliwa/9jcphf2/10922993200.pdf
    • https://cdn.sqhk.co/suwojixuwebi/jA2jc88/grow_empire_rome_hack_app_download.pdf
    • https://cdn.sqhk.co/jenetuwuda/WEgcQFw/containers_wars_full_episodes.pdf
    • https://cdn.sqhk.co/puxedimuwo/gehbiem/46777787534.pdf
    • https://cdn.sqhk.co/ketusugedi/gghfKjb/lenovo_ideapad_330_specs.pdf
    • https://cdn.sqhk.co/pinofizulag/gjA0RLL/zakabasadebijawukoderu.pdf
    • http://pro-komp-master.website/smash_allegations_202030yv8.pdf
    • http://creditscoreusa.info/sony_trinitron_tv_remote_control_appl9lf6.pdf
    • https://cdn.sqhk.co/mulepava/KNjjdhc/helvetica_bold_font_free_windows.pdf
    • https://cdn.sqhk.co/miloxuso/ifjbu9A/cosmic_anthropology_definition.pdf
    • http://load-bcp.com/kazowidip19u33.pdf
    • http://makedctl.site/xuzazakaxezibidajim8n3t1.pdf
    • http://olx-delivery.cc/medical_physiology_sembulingam_book1qfbx.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://528f6e5c-6927-42ef-b7a5-a8f9c349750c.filesusr.com/ugd/07b979_52340af6907c44c685c47bc7abecd35c.pdf?index=true
    • https://97d49ff2-d914-4ae4-8ac8-5e5cf5f77cad.filesusr.com/ugd/6350c7_dde730ae833f4e76b17f46f88e7362f9.pdf?index=true
    • https://6ddb26ad-aa8e-4a3e-a925-5cef6fc035e1.filesusr.com/ugd/d3d820_53c2c60d6c444572b3611cd1ab16577b.pdf?index=true
    • https://badbb018-ab4e-499b-b788-960949b82e3d.filesusr.com/ugd/4f4c56_e1c9f323ada0409bb1107b2120033e54.pdf?index=true
    • https://e1318bff-d970-45e2-bcea-45481503a18b.filesusr.com/ugd/75a96d_6a5a4d77b1814719b9366daa5aeae7f9.pdf?index=true
    • https://9aef9be9-4304-4ec6-b02b-ded1eabc5d1b.filesusr.com/ugd/a571b8_12415b952cd34030a0a3925e5fb50947.pdf?index=true
    • https://s3.amazonaws.com/vuliwisuwig/fluke_1587_spec_sheet.pdf
    • https://s3.amazonaws.com/gurowozenupifi/bosadomanusukow.pdf
    • https://8964868a-aef6-4da0-9a9b-29de7c28e0c5.filesusr.com/ugd/b910ae_1452369e40cf4768b29f6432c90d200b.pdf?index=true
    • https://0621cc9e-6449-4e8a-a8bd-baee9ad62a2c.filesusr.com/ugd/affb4a_4272aff1d3c24d9d9fc95191b97da8e6.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    Note on the last entries: the w3.org, purl.org and ns.adobe.com URIs are XMP namespace identifiers from the document's metadata packet, not clickable links. The scripts.sil.org/OFL (SIL Open Font License) and ascendercorp.com entries most likely come from the name tables of the two embedded fonts carved below. None of these should be treated as indicators; the link annotations pointing at cdn.sqhk.co, filesusr.com, s3.amazonaws.com and the assorted .ru/.cc/.site/.website hosts are the ones that matter.
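As an added example (not the analysis platform's own code), the two structural heuristics above, PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, re-implemented as regex passes over raw PDF bytes, together with the link-annotation channel of EMBEDDED_URL. The PDF it runs on is constructed inline (a handful of /Link annotations plus one object redefined in an incremental update, no xref table or page tree) so that it runs offline; the thresholds SMALL_FILE_BYTES, MIN_LINKS and CLUSTER_RATIO are assumptions, not the platform's tuned values.

```python
"""Link-farm and duplicate-object checks over raw PDF bytes (added example)."""
import re
from collections import Counter
from urllib.parse import urlsplit

# "N G obj ... endobj" in file order; duplicates are kept so we can diff them.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# /URI action strings; allows backslash-escaped parentheses inside the literal.
URI_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)")
# Keys that make a redefined object "active content" (severity bump).
ACTIVE_RE = re.compile(rb"/(?:JavaScript|JS|Launch|SubmitForm|OpenAction|AA)\b")

SMALL_FILE_BYTES = 200 * 1024  # assumed threshold
MIN_LINKS = 5                  # assumed threshold
CLUSTER_RATIO = 0.6            # assumed threshold: share of links on top host


def parse_objects(pdf: bytes):
    """Return [((num, gen), body)] for every indirect object definition."""
    return [((int(m.group(1)), int(m.group(2))), m.group(3).strip())
            for m in OBJ_RE.finditer(pdf)]


def duplicate_objects(pdf: bytes):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: same (num, gen) defined more than
    once with different bytes. Returns {(num, gen): (first_body, last_body)},
    i.e. what a first-wins and a last-wins reader would each resolve."""
    first, last = {}, {}
    for key, body in parse_objects(pdf):
        first.setdefault(key, body)
        last[key] = body
    return {k: (first[k], last[k]) for k in first if first[k] != last[k]}


def has_active_content(body: bytes) -> bool:
    return ACTIVE_RE.search(body) is not None


def extract_uris(pdf: bytes):
    """EMBEDDED_URL, link-annotation channel: every /URI action string."""
    return [m.group(1).replace(rb"\(", b"(").replace(rb"\)", b")").decode("latin-1")
            for m in URI_RE.finditer(pdf)]


def link_farm(pdf: bytes):
    """PDF_SEO_LINK_FARM: small file, many external links, mostly one host."""
    hosts = Counter(urlsplit(u).hostname or "" for u in extract_uris(pdf))
    total = sum(hosts.values())
    top_host, top_n = (hosts.most_common(1) or [("", 0)])[0]
    flagged = (len(pdf) <= SMALL_FILE_BYTES and total >= MIN_LINKS
               and top_n / total >= CLUSTER_RATIO)
    return flagged, {"links": total, "top_host": top_host, "top_host_links": top_n}


# --- constructed sample: six links on one host, one elsewhere, and object 21
# redefined by an incremental update with a JavaScript open action -----------
def _link_obj(num: int, url: str) -> bytes:
    return (f"{num} 0 obj\n<< /Type /Annot /Subtype /Link "
            f"/A << /S /URI /URI ({url}) >> >>\nendobj\n").encode()


SAMPLE_PDF = (
    b"%PDF-1.4\n"
    + b"".join(_link_obj(10 + i, f"https://cdn.example.test/{i}/{i}.pdf") for i in range(6))
    + _link_obj(20, "https://other.example.test/x.pdf")
    + b"21 0 obj\n<< /Type /Page >>\nendobj\n%%EOF\n"
    + b"21 0 obj\n<< /Type /Page /AA << /O << /S /JavaScript /JS (app.alert(1)) >> >> >>\n"
    + b"endobj\n%%EOF\n"
)

if __name__ == "__main__":
    flagged, details = link_farm(SAMPLE_PDF)
    print("PDF_SEO_LINK_FARM:", flagged, details)
    for (num, gen), (_first, last) in duplicate_objects(SAMPLE_PDF).items():
        sev = "critical" if has_active_content(last) else "info"
        print(f"PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: obj {num} {gen} [{sev}]")
```

Against the sample, the link-farm check fires (7 links, 6 on one host) and object 21 0 is reported as a duplicate whose last-wins body carries a JavaScript action, which is the case the heuristic description says should raise severity. On a real sample, run it on the file bytes instead of SAMPLE_PDF; the regex approach deliberately ignores the xref table, since the point of the duplicate-object check is to see every definition regardless of which one the xref points to.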

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000e2ab.bin
  SHA-256: dc374c5b7a57120febaa9d2df2c8bf17f24085b47939131e4e9006350f2e91ba
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xE2AB
  Size: 5484 bytes

Filename: font_01_sfnt_off0000f53e.bin
  SHA-256: 78db36118c12851086b792c5f2acf952cb265f7cc22cde0c7d1b53192e5897c5
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0xF53E
  Size: 10908 bytes