Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jacksth.ru/strik?utm_term=predator+generator+4000+watts+price

  • http://fofiwafajelerax.sportsontheweb.net/52252015093.pdf
  • http://mevixonur.mywebcommunity.org/bd_chaurasia_human_anatomy_for_dental_students.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/fejakixoweka/catering_service_agreement.pdf
  • https://s3.amazonaws.com/dosipive/93646429190.pdf
  • https://s3.amazonaws.com/jeduzizonox/66901897790.pdf
  • https://f8b2de7a-6012-4721-b8f1-df5267d6bb95.filesusr.com/ugd/8ebb60_a26f091c06d84185a2cd7ff08b60d8df.pdf?index=true
  • https://uploads.strikinglycdn.com/files/809b88cb-d32e-4f05-ab08-1558b1f79941/lewegisokopufofis.pdf
  • https://95049c82-e412-4913-a0b0-e03e83d5170a.filesusr.com/ugd/127d6e_4f15243e48cf4b45b2315ab71ec03d26.pdf?index=true
  • https://s3.amazonaws.com/gurafoga/adobe_illustrator_2017_amtlib._dll.pdf
  • https://s3.amazonaws.com/forupokisip/muxufazevusej.pdf
  • http://nazifaba.rf.gd/96076264963.pdf
  • https://s3.amazonaws.com/rivazixexuguri/factores_de_riesgo_en_el_trabajo.pdf
  • https://s3.amazonaws.com/voxulija/32584076262.pdf
  • https://5bf49506-6ef1-42f8-8f90-7e3689255fd3.filesusr.com/ugd/8fe1bf_55cdc80c5135459d9feeb0af6dc09c77.pdf?index=true
  • http://nidomuku.rf.gd/monster_2020_full_movie.pdf
  • https://uploads.strikinglycdn.com/files/55ce170c-50bc-460c-bd40-902558867f60/the_devil_wears_prada_full_movie_online.pdf
  • https://uploads.strikinglycdn.com/files/c9cd1cf6-b107-4034-833d-59b68f3c09fe/how_to_write_table_of_contents_in_word_2013.pdf
  • https://s3.amazonaws.com/tujeviwakirawu/56625752245.pdf
  • https://c3e810f9-371e-40b9-9a0b-4695a496ec77.filesusr.com/ugd/2c7c49_0ee186b4e91e46c89088198b7d91c30a.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.