Malicious PDF — malware analysis report

Static analysis result for SHA-256 c30f11472d00fb05…

Verdict: MALICIOUS
File type: PDF

Size: 89.5 KB
Created: 2021-05-17 01:57:56 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: c44518ac25d1d108e2ac9144358a89ea
SHA-1: 50b4e66b0b651161735d281f528a1e499c74eac6
SHA-256: c30f11472d00fb05d8ede7380f5563a977b3c658f9b5db444931e15fe975d311
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains a large number of embedded external links, flagged by the PDF_SEO_LINK_FARM heuristic. The ClamAV signature and the ML classifier both strongly indicate maliciousness, specifically a phishing or trojan variant. No scripts were extracted, so the risk lies in the embedded links themselves, which are consistent with an attempt to redirect users to malicious content or phishing pages.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (5)

  • [critical] PDF_SEO_LINK_FARM: Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • [critical] CLAMAV_DETECTION: ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • [info] PDF_URI: External URI
    PDF contains an external URL action
  • [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: Object number defined twice with different bodies
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://botokaw.ru/strik?utm_term=how+much+does+a+meal+at+panda+express+cost
    • https://static.s123-cdn-static.com/uploads/4417413/normal_5fc576ad9dcfc.pdf
    • https://cdn-cms.f-static.net/uploads/4415526/normal_604a05bb91619.pdf
    • https://cdn-cms.f-static.net/uploads/4446152/normal_5fe613d10f65d.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/421a74f7-cb5c-4d16-984d-cd30c58a33f5/delonghi_de320_dehumidifier_manual.pdf
    • http://kofepiropi.onlinewebshop.net/kititisuniwulebiso.pdf
    • https://15e12281-0fef-4bb1-b284-2b61ddec1698.filesusr.com/ugd/6c5390_c82cbe16e3334b26b960c1f67f409d5f.pdf?index=true
    • https://ced6af22-cf5f-4df0-9cd6-2d424634d287.filesusr.com/ugd/3eed2b_74fe151f3bec418c8270759246ddf9e5.pdf?index=true
    • https://0e75ab8e-f6a1-4360-bef2-1d94e06fde4e.filesusr.com/ugd/c0518c_71c1f54cdcef44f398b9b31bbe1ec1ff.pdf?index=true
    • https://cc0b58a5-7bf4-4b41-9cd7-d9bc0cd2cc6f.filesusr.com/ugd/6dc98b_0e0cac9fd695477b8bd1ba79293008dd.pdf?index=true
    • http://zisukuvi.atwebpages.com/business_environment.pdf
    • https://uploads.strikinglycdn.com/files/eec59ec5-f630-42ab-a412-bfbb63957f91/what_does_triage_nurse_mean.pdf
    • https://1e1f235d-56dd-4976-b20d-d38e3fe7b172.filesusr.com/ugd/210b45_b82384280a0a41319c5ae5215d058249.pdf?index=true
    • https://uploads.strikinglycdn.com/files/74b5bd43-b77d-49e2-9deb-8ccfe8445352/26927238062.pdf
    • https://uploads.strikinglycdn.com/files/020a7d0e-5156-4d25-a170-72a72cf59f5f/xuwirujewesovanegizibiw.pdf
    • https://uploads.strikinglycdn.com/files/ec81a09f-f73a-4f85-b728-256e40ee06d3/4e_dd_classes.pdf
    • https://2225f16e-b6a0-48e2-a067-d7e802b71dd4.filesusr.com/ugd/a7ada4_c5d1a5adf7e048d78fa400ba94d9dbda.pdf?index=true
    • https://uploads.strikinglycdn.com/files/09c6f8b3-8b84-4000-b258-dc6b415da897/42810364247.pdf
    • https://uploads.strikinglycdn.com/files/57965c31-c3c0-47d2-8269-ad765bed556c/what_exercises_can_i_do_with_resistance_tubes.pdf
    • http://farudigenudoze.onlinewebshop.net/lattice_gauge_theory.pdf
    • https://04fc2a56-3ca8-4b90-bfe8-b05f9e7ed3d8.filesusr.com/ugd/51e9d0_8e345bf4e36942f280005b1bc5a6bb43.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    • http://dejavu.sourceforge.net
    • http://dejavu.sourceforge.net/wiki/index.php/License

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename / SHA-256 / Kind / Source / Size

  • font_00_sfnt_off00010851.bin
    SHA-256: 59e472b126bce8882435b91d80684f15ee3cef5e816612781e8751aed1e9e30b
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x10851
    Size: 5432 bytes
  • font_01_sfnt_off00011ab3.bin
    SHA-256: 98745b96ea8c8815eb989f8f82788db1db3c67e9e83f6ed4db02e008f70b7718
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x11AB3
    Size: 11396 bytes
  • font_02_sfnt_off00014134.bin
    SHA-256: 532315dfdc59b350d447ad91845dd8cc72a836e684f536ab9a4305dc5b53fb8e
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x14134
    Size: 16204 bytes