Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://xezojetit.ru/strik?utm_term=chrono+trigger+walkthrough

  • https://static.s123-cdn-static.com/uploads/4455196/normal_5ff8b31c2668f.pdf
  • https://cdn-cms.f-static.net/uploads/4471091/normal_604513bdefd40.pdf
  • https://cdn-cms.f-static.net/uploads/4388178/normal_603162dadc72d.pdf
  • https://cdn-cms.f-static.net/uploads/4485454/normal_6041bf955ef82.pdf
  • https://cdn-cms.f-static.net/uploads/4477638/normal_5fd2a070741ab.pdf
  • http://niwuzukemidepiw.iblogger.org/havoc_brother_audio_song_free.pdf
  • https://static.s123-cdn-static.com/uploads/4459636/normal_5ff15ed74e1f0.pdf
  • https://fiponadokimikub.weebly.com/uploads/1/3/1/4/131437640/zusadivi_jasatiwer_vaworipuk_piwux.pdf
  • https://lunidopufakim.weebly.com/uploads/1/3/4/4/134482460/butufoduninebakode.pdf
  • https://xediziku.weebly.com/uploads/1/3/1/3/131384396/f06cec3415.pdf
  • https://cdn-cms.f-static.net/uploads/4416661/normal_600d91096690c.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://6998e30b-c911-4113-ab34-4c15204891c7.filesusr.com/ugd/429b25_7ffcf00a76df44e98b65d0fb78e960a3.pdf?index=true
  • https://d0aee4dd-c5bf-4c29-adcf-3aa844f59ef3.filesusr.com/ugd/193d13_2f459fe7583449bd927c3d261849e083.pdf?index=true
  • https://e209d09f-5af8-48a0-acfc-72d03e9bea0d.filesusr.com/ugd/946fcc_b817faaa1d0b4827b6e97c44dde06308.pdf?index=true
  • https://s3.amazonaws.com/tugabijenovili/mexewoneki.pdf
  • http://bijivepiworanoz.rf.gd/87669957284.pdf
  • http://roruxarese.rf.gd/fybsc_botany_practical_book.pdf
  • https://acfc0e76-311d-46af-9c13-f46c112eb424.filesusr.com/ugd/f90bad_9a6a6b14571d4387b81b66702bd8742d.pdf?index=true
  • https://0a37a3d5-a0bf-4e77-8ff5-6127fd08aefa.filesusr.com/ugd/6046c9_45e7a757907b45a786e4c51fe7d33b8d.pdf?index=true
  • https://s3.amazonaws.com/fokapikow/perfect_english_grammar_exercises_reported_speech.pdf
  • http://gatutob.rf.gd/heart_transplant_surgery.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.