Malicious PDF — malware analysis report

Heuristics 6

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jumiwimov.ru/strik?utm_term=portrait+photography+definition

  • https://nesurufaratetud.weebly.com/uploads/1/3/1/4/131408203/bupobupanif.pdf
  • http://ejinaya.com/nejukulefufixazaxyrvxo.pdf
  • https://xoludifatak.weebly.com/uploads/1/3/4/4/134477652/cd01fd.pdf
  • https://vinipuzi.weebly.com/uploads/1/3/0/7/130776781/6117668.pdf
  • http://natur-green.fun/the_sims_4_cheats_pc_needsgxcdz.pdf
  • http://j3vnci4.xyz/normal_delivery_baby_video_freekf6pk.pdf
  • http://i12tws.website/when_is_black_friday_for_walmart_2020fcp1h.pdf
  • https://xovuxajewilim.weebly.com/uploads/1/3/0/7/130775567/542658.pdf
  • https://lexabefi.weebly.com/uploads/1/3/1/3/131384613/887191.pdf
  • http://obmenkalnr.online/i_ready_answers_level_h_reading_quizxvgp8.pdf
  • https://notefusiwedamap.weebly.com/uploads/1/3/4/8/134872173/d1aa490b60da3dc.pdf
  • https://tavifarexup.weebly.com/uploads/1/3/4/6/134611028/gazuk.pdf
  • https://zewugijisisu.weebly.com/uploads/1/3/4/8/134885238/8014256.pdf
  • http://verifedform.com/suresh_shahasane_kp_astrology_bookavo66.pdf
  • http://selectgetc.top/roomba_770_side_brush_not_spinningxxzsg.pdf
  • https://lafevisok.weebly.com/uploads/1/3/2/6/132683062/9e14bdb.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/eaae1bae-f9ab-4cc7-810f-89da86d2a6fd/role_of_teacher_in_organizing_co_curricular_activities.pdf
  • https://uploads.strikinglycdn.com/files/eba0f35e-1e98-488f-97c0-ad95f4eb2210/18569055404.pdf
  • https://uploads.strikinglycdn.com/files/3ac3bc5d-e6c0-42c3-a812-04adb4350649/what_is_the_formula_for_instantaneous_power.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.