Malicious PDF — malware analysis report

Heuristics 6

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Fake invoice / payment lure low SE_INVOICE_LURE
  Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://bologen.ru/wix?keyword=mobile+legends+item+guide+app

  • https://lotunesu.weebly.com/uploads/1/3/0/9/130969364/wozuluj-ziwub-loxedefesigun.pdf
  • https://vobikonim.weebly.com/uploads/1/3/5/3/135390296/5556626.pdf
  • https://luxoxika.weebly.com/uploads/1/3/4/8/134899107/9576952.pdf
  • https://suguturame.weebly.com/uploads/1/3/1/4/131438741/gixulepobuxoduv_bogadipizolom_warukufono.pdf
  • https://pikitepilizoj.weebly.com/uploads/1/3/5/3/135332880/9b6790e.pdf
  • https://lobovalosidim.weebly.com/uploads/1/3/1/4/131437181/1681793.pdf
  • https://popepinasi.weebly.com/uploads/1/3/4/8/134892117/gitepibagebi-sakiwizoji-bemade-menega.pdf
  • https://suzazega.weebly.com/uploads/1/3/4/4/134476369/xedovab.pdf
  • https://jafuxanabowam.weebly.com/uploads/1/3/5/3/135383447/5571383.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://tawaxinazaka.rf.gd/mosotodomitufu.pdf
  • https://uploads.strikinglycdn.com/files/636ea2a4-d2d0-4776-be77-435b24606310/zupaxuwegerepufe.pdf
  • https://104e0e48-a4c2-4a03-8647-06ef64d4e6ac.filesusr.com/ugd/e2c6c1_94c8d59e99b0469cb15eed94b1a61193.pdf?index=true
  • https://62dace35-232c-43a2-b3e8-6cf19ad57148.filesusr.com/ugd/42ae31_ffb0a3b0233a48849648dfd248365e6c.pdf?index=true
  • http://fojisar.rf.gd/cheaper_by_the_dozen_2003.pdf
  • https://29ca30ec-7ad4-487f-8637-d2d67f3a323c.filesusr.com/ugd/10b11f_5ed3f7183d5a4e548283d6d48a8126c9.pdf?index=true
  • https://uploads.strikinglycdn.com/files/4684e9b5-5426-4298-8e5a-ec4c07f2c58a/cask_of_amontillado_summary_story.pdf
  • https://uploads.strikinglycdn.com/files/2cb1e534-2f93-46e2-acdb-d2ea4bf4e814/e3_error_on_walgreens_blood_pressure_machine.pdf
  • http://kimogule.epizy.com/pomilaluxotikesumurob.pdf
  • https://0298dc5a-7924-4276-8279-06452a5288da.filesusr.com/ugd/b30cf0_c0fa2da284c1430d8baa2fb4160ddf74.pdf?index=true
  • https://s3.amazonaws.com/kudowo/miya_bhai_song_lyrics_free.pdf
  • https://s3.amazonaws.com/sabegokek/nc_secretary_of_state_annual_report.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.