Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://resalured.ru/strik?utm_term=what+is+a+general+dental+practice+act

  • https://kukedinuril.weebly.com/uploads/1/3/5/3/135326584/6cc14140a.pdf
  • http://vpntop.info/72048982422r3f9.pdf
  • https://sujujiga.weebly.com/uploads/1/3/1/3/131379538/kimeta.pdf
  • https://fekanefitogi.weebly.com/uploads/1/3/4/3/134340372/lurasos-kebuze-didebebazo.pdf
  • http://visojafuzotubez.22web.org/algebraic_proofs_worksheet_with_answers_gina_wilson.pdf
  • http://idealsit.space/vasujagi5f4og.pdf
  • https://xuxefakeni.weebly.com/uploads/1/3/4/2/134234722/69f35b.pdf
  • https://sefubokadizafa.weebly.com/uploads/1/3/4/8/134880044/d7b96.pdf
  • http://kapuwapow.iblogger.org/learn_python_in_one_day_and_learn_it_well_free.pdf
  • http://vykupavto54.ru/febomuperivejadinonabopzu6x0.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://zoxokukazo.epizy.com/isolated_personnel_report_training.pdf
  • http://juruzozesema.epizy.com/how_much_does_it_cost_to_repair_laptop_fan.pdf
  • https://s3.amazonaws.com/xalasawu/data_mining_companies_in_california.pdf
  • https://cae2aa39-5014-47ec-b549-0fed73f36d02.filesusr.com/ugd/c8683e_81d2ebbc9d1f4902b73d411554c444e7.pdf?index=true
  • https://s3.amazonaws.com/zagapaxa/22069186623.pdf
  • https://681956c7-2c57-495f-b996-d04b50c745b0.filesusr.com/ugd/907d98_b9b0ccd901704497871288a5e7a200a4.pdf?index=true
  • https://s3.amazonaws.com/folexapurilowe/best_tank_builds_eso_2020.pdf
  • https://uploads.strikinglycdn.com/files/5a1cf326-b466-4400-9ad0-77667ba24179/65091781209.pdf
  • https://uploads.strikinglycdn.com/files/5bb3f69e-31b8-4389-adf5-31578e8adc2d/are_swann_cctv_cameras_any_good.pdf
  • http://jenamer.rf.gd/financial_accounting_exercises_and_solutions.pdf
  • https://s3.amazonaws.com/bopuxosavubare/how_to_use_netgear_nighthawk_ac1900.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.