Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://fokemale.ru/strik?utm_term=kitchenaid+artisan+mixer+5+qt+sale PDF link annotation

  • https://forupiwiwipugo.weebly.com/uploads/1/3/5/3/135349306/153dc5a0ef0e16.pdfIn PDF document text
  • http://jukejed.mypressonline.com/xetufazulewumifuvoxox.pdfIn PDF document text
  • https://matelusa.weebly.com/uploads/1/3/1/4/131406649/vapanevobelura_mufipofefa_xezufu_kotetake.pdfIn PDF document text
  • https://cdn.sqhk.co/vixemujomu/sRvicEY/masita.pdfIn PDF document text
  • http://mewudaguzexo.sportsontheweb.net/pdf_aide_au_logement_caf_2020.pdfIn PDF document text
  • https://robesiladobaluj.weebly.com/uploads/1/3/0/8/130813577/mukuzon-toguk-juwurojala.pdfIn PDF document text
  • http://xegazinijitup.mywebcommunity.org/55263120458.pdfIn PDF document text
  • https://cdn.sqhk.co/bodevoposuji/giia0ge/murava.pdfIn PDF document text
  • https://piturerakilapes.weebly.com/uploads/1/3/0/7/130775197/7339362.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://www.daltonmaag.com/In PDF document text
  • http://sazebufaz.atwebpages.com/jurnal_bilangan_bulat.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2f938238-29c1-4f6e-88ff-bbba4889879c/java_8_stream_api_map_example.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/db7f0f35-f412-462e-be90-9d1dfb73247a/lekunabexerob.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/58ca2ec7-c47f-493c-9f2c-478146b0e766/who_moved_my_cheese_amazon.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b2edb4eb-3fde-44ad-87b4-68b80b75a78b/jusagik.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/00a7daea-055f-46c3-a2a0-733517499866/the_penultimate_peril_online_book.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/482b1c6a-7182-4f92-9d2d-01e64b3d753a/is_focusrite_scarlett_good.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e669d65b-c8a6-4f29-a026-e1f59da300b3/how_to_set_di2_front_derailleur.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/cd286093-1a02-4fde-8720-c84351e3ef2b/mcgraw_hill_connect_access_code_ebook.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/fb55d82c-6af2-4c0a-a914-868e0df0d25a/dell_optiplex_9020_micro_specs.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/51c4e123-c97a-414d-b2f9-3675be63cc7a/how_to_draw_eyes_in_simple_way.pdfIn PDF document text
  • http://womawujun.atwebpages.com/difubelezowawatajogug.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e0bee7e2-736c-48dd-94e3-16f2e84f8d17/44749180461.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/520d3c72-2eaf-4a63-898b-5d6ef1a983f7/40827251091.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/c9e6fa40-5123-423d-8d4e-d42a059b3022/lefitibawamanojegizo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/13f5ac87-1396-4b83-b5fc-098bb0b0ea90/most_important_phrasal_verbs_in_english_with_examples_and_explanations.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.