Malicious PDF — malware analysis report

Static analysis result for SHA-256 bff1ab6293d61ea4…

MALICIOUS

PDF

87.5 KB Created: 2021-03-23 04:41:12 +02:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 315a9808b178585780448a1cca8a8640 SHA-1: aca1b9df9144f502212e0fcff6a76b249742f1f2 SHA-256: bff1ab6293d61ea48dc405a79857ab35166379be380f374b279a02008160beb4
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was flagged by ClamAV as Pdf.Phishing.Trojan and ML classifiers indicated a high probability of maliciousness. It contains a large number of external links, with one pointing to a suspicious domain 'resalured.ru', suggesting a link farm or phishing attempt. While no scripts were directly extracted, the PDF structure and heuristic firings strongly indicate an attempt to redirect users to malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9996

Heuristics (5)

  • Small PDF contains mass external PDF link farm (severity: critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (severity: info, PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (severity: info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • URL https://resalured.ru/strik?utm_term=flacc+pain+scale+for+neonates
    • https://wakavofidokevi.weebly.com/uploads/1/3/2/6/132681750/f7455.pdf
    • https://lojigimab.weebly.com/uploads/1/3/0/8/130814508/4052899.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://www.daltonmaag.com/
    • https://s3.amazonaws.com/wibedubosateg/63831596856.pdf
    • https://uploads.strikinglycdn.com/files/1a572272-daec-4ac6-a59e-d3f83cafb119/basic_computer_course_for_beginners_in_hindi.pdf
    • https://uploads.strikinglycdn.com/files/1cb8ac7a-e620-42a7-983d-c927c2a700f5/how_to_prepare_for_a_cashier_job.pdf
    • https://s3.amazonaws.com/kewakuko/como_buscar_un_iphone_desde_android.pdf
    • https://uploads.strikinglycdn.com/files/8baa6209-3a00-4579-b9dc-0a2a3efbef21/kedijuzorufubal.pdf
    • https://uploads.strikinglycdn.com/files/a44f650b-41d7-4dc6-9b9e-76cfd8cda707/how_long_does_it_take_to_heal_leaky_gut_dr_axe.pdf
    • https://f7cac2f2-528f-490f-9bef-cb2448a877de.filesusr.com/ugd/529ba0_e7eb9cc1e7a24cbb8c5e2b233501fa04.pdf?index=true
    • https://uploads.strikinglycdn.com/files/7fa43175-89d3-4aff-b5d0-5c6af3214645/juegos_de_cinema_2_players.pdf
    • https://3c3b6f52-20a2-448a-be11-eec5930c502f.filesusr.com/ugd/0ca786_a23b136b5cd04afd968aa638f26f0b88.pdf?index=true
    • https://s3.amazonaws.com/tutapaxi/sheet_street_blinds.pdf
    • https://s3.amazonaws.com/tobovunoberiki/mapituxezaw.pdf
    • https://502f924d-676a-41b3-8220-87c01882f600.filesusr.com/ugd/5a20bb_b76757a1d19c4635accd490e6a440118.pdf?index=true
    • https://d8acad56-eb9a-42d1-a06c-a695c5b02328.filesusr.com/ugd/0ad6c7_2c17a6a96f8d4aed99dea81a75a83360.pdf?index=true
    • https://b7e73dfe-ad35-4791-b4f7-7500f5b7882c.filesusr.com/ugd/bc79a4_51e567079d654520bfa20a6390343e0c.pdf?index=true
    • https://356bbf58-84af-4bff-99a9-d03346e46411.filesusr.com/ugd/b5472a_954d674230b54ce9abe106f0e762de00.pdf?index=true
    • https://uploads.strikinglycdn.com/files/5b7d2b23-b055-41de-abb1-77d7ec9c7110/kikeb.pdf
    • https://1ebfeea1-7d02-43b8-8f0a-002c87bc7f75.filesusr.com/ugd/50dcf6_64b750b25098457ca5d7fcccfd760d56.pdf?index=true
    • https://s3.amazonaws.com/vesubodufisi/85928852415.pdf
    • https://uploads.strikinglycdn.com/files/d6c33aef-ba92-4762-9d10-c9dc589f88c6/silupabolefotim.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Columns: Filename, SHA-256, Kind, Source, Size

  • font_00_sfnt_off00010d22.bin
    SHA-256: 4c8d35f82af04abfe33b4d4fc5e3b5e38af6463cae339c79f70fef4363f0b60c
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x10D22
    Size: 4752 bytes
  • font_01_sfnt_off00011d49.bin
    SHA-256: 45f1fe42a4752a9173aa4f3457e66d92adfb6fb9c99a2ac82fa1db04d4c0a736
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x11D49
    Size: 11548 bytes
  • font_02_sfnt_off000142ab.bin
    SHA-256: 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x142AB
    Size: 4324 bytes