Malicious PDF — malware analysis report

Static analysis result for SHA-256 c5a87267b92705fd…

Verdict: MALICIOUS
File type: PDF
Size: 84.9 KB
Created: 2021-03-23 16:43:03 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 4c5735cfd3c1d48316e000f1bbcc8b1e
SHA-1: 90d0c4d087b91c4497a6dc493b12e46ce270b3f2
SHA-256: c5a87267b92705fd7fd70b4bde647d7634f4c0ec2fa1ce3fa7754e060207de9f
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains numerous external links, a tactic often used in SEO link farms to manipulate search engine rankings or redirect users to malicious sites. The primary malicious URL identified is seumenha.ru, which is likely part of a phishing or malware distribution scheme. The ML classifier and ClamAV detection strongly indicate malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9970

Heuristics (5)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://seumenha.ru/strik?utm_term=historia+de+estados+unidos+resumen+corto+en+ingles
    • http://masajsalonunuz.com/how_to_tell_what_plants_are_ediblevdmj9.pdf
    • http://welitizenowem.mywebcommunity.org/ge_phone_number_for_service.pdf
    • http://natiral.space/diy_rifle_cleaning_stationvrdtl.pdf
    • http://sevowina.medianewsonline.com/logitech_create_keyboard_backlight_not_working.pdf
    • http://prizinsta.online/world_physical_map_blank_a4_size23v0w.pdf
    • http://kkkirrreeee.space/pampered_chef_food_chopper_ebaycjooa.pdf
    • http://secureappeal.com/google_analytics_exam_cheat_sheettslu3.pdf
    • http://dorulezebum.sportsontheweb.net/33217917739.pdf
    • http://dusejetiwogodad.getenjoyment.net/boolean_algebra_symbols.pdf
    • http://vomidujoma.scienceontheweb.net/little_red_riding_hood_short_story_summary.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://b595a6f9-6bcb-48d8-acfc-7cb8c696cf55.filesusr.com/ugd/21f311_c2852c0a6ffb4815af6d3f7030ee64cc.pdf?index=true
    • https://s3.amazonaws.com/rutufokedizon/88571141583.pdf
    • https://s3.amazonaws.com/tetofamuxulil/what_is_stephen_hawking_best_known_for.pdf
    • https://s3.amazonaws.com/tevigotu/wiwuwimedoxamufutuxelawe.pdf
    • https://f18b8dc1-3ce9-44bd-8712-01435d039869.filesusr.com/ugd/b97cba_0aa9ad9d1716439da74e33dfeedc4c26.pdf?index=true
    • https://s3.amazonaws.com/jamuluvuvava/practice_conversational_english_online.pdf
    • http://sifebitufol.onlinewebshop.net/69715880418.pdf
    • https://s3.amazonaws.com/zevutebulaworel/35282225500.pdf
    • https://d19688e0-347f-4d9d-8cb3-d47c6e049f3d.filesusr.com/ugd/c618e9_deda3580bffe4a96a717b10e8f944c43.pdf?index=true
    • http://xowobovu.myartsonline.com/download_game_simcity_4_android.pdf
    • https://s3.amazonaws.com/gotenukevepunin/92761370077.pdf
    • https://s3.amazonaws.com/xefezesebusu/sat_preparation_classes_in_delhi.pdf
    • https://s3.amazonaws.com/bifamomove/white_metal_detectors_for_sale.pdf
    • https://s3.amazonaws.com/xonobijikivo/25085213339.pdf
    • https://df6a9abb-74f3-47e1-b359-fe6d1019da36.filesusr.com/ugd/7921d2_0b970591023c4cd3860382a30c3716bd.pdf?index=true
    • https://s3.amazonaws.com/diwitapezu/why_are_conflict_resolution_skills_important.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off00010d90.bin
    SHA-256: 1941148346d35e5ae917c04ffbdd5e4c3e83f456acf079b773d4f9853cf46758
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x10D90
    Size: 5220 bytes
  • Filename: font_01_sfnt_off00011f34.bin
    SHA-256: 6ad05991aefc46f2f27449db35febd60b12f44e38392f71b514d10c88fc8c84b
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x11F34
    Size: 11408 bytes