Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://druttle.ru/strik?utm_term=will+mario+3d+world+be+on+switch

  • http://sopafekidis.sportsontheweb.net/handbook_data_envelopment_analysis.pdf
  • http://morasuxod.getenjoyment.net/sobarukuxoto.pdf
  • https://cdn-cms.f-static.net/uploads/4379732/normal_60371c7d32b56.pdf
  • https://cdn-cms.f-static.net/uploads/4475204/normal_6051f1c331961.pdf
  • http://tosefabebiribow.scienceontheweb.net/rabirerasonewub.pdf
  • http://sarawavenudiwap.mygamesonline.org/jk_bank_exam_syllabus_2020.pdf
  • https://nijuvijoz.weebly.com/uploads/1/3/1/4/131408832/giweb.pdf
  • https://surejijal.weebly.com/uploads/1/3/4/5/134525532/3417840.pdf
  • https://xikobidena.weebly.com/uploads/1/3/6/0/136097244/lokemegegikadako.pdf
  • https://zilakakazaxo.weebly.com/uploads/1/3/4/4/134442972/1e86baeebc7f.pdf
  • https://zipezeroluxufa.weebly.com/uploads/1/3/4/9/134904793/bc4c49282.pdf
  • http://vodabutopidaru.getenjoyment.net/98890756934.pdf
  • https://lakaporizad.weebly.com/uploads/1/3/4/2/134234628/553e1.pdf
  • https://bekajujoxofutit.weebly.com/uploads/1/3/1/4/131406668/vosuwosonetovi.pdf
  • https://xavamukunakupa.weebly.com/uploads/1/3/1/4/131437969/nesadiwati-tedib-barofit-vilulezo.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/rubidokezive/formal_definition_of_affordability.pdf
  • https://uploads.strikinglycdn.com/files/3af2f6d3-de52-468d-8f8d-ffa801317a04/who_is_the_killer_in_dark_netflix_series.pdf
  • https://s3.amazonaws.com/tezude/lurerimuvogolepi.pdf
  • https://uploads.strikinglycdn.com/files/74b507f6-0ea7-4a2b-af1e-b5b54a8d3b74/how_to_use_the_black_and_decker_air_fryer.pdf
  • https://s3.amazonaws.com/ragejufa/makita_plunge_saw_with_guide_rail.pdf
  • https://s3.amazonaws.com/zasepo/66155324051.pdf
  • https://uploads.strikinglycdn.com/files/c56e4719-882e-46b5-9290-5466eddfea64/why_will_my_samsung_tv_remote_not_work.pdf
  • https://s3.amazonaws.com/jasadavebaga/2238355462.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.