Malicious PDF — malware analysis report

Static analysis result for SHA-256 c811ea6e7181a181…

Verdict: MALICIOUS
File type: PDF
Size: 99.8 KB
Created: 2021-04-03 07:15:00 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: ebc8db283ffc244ad4c93dcf7b9f7001
SHA-1: 2e7218a870ddad2821b38914eeb9c0295ce8ae24
SHA-256: c811ea6e7181a1810d8cf75d3b8c8fd7f562144af21dffa6895cf8ab2219036c
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file was flagged by ClamAV as a phishing trojan, and ML classifiers indicated a high probability of maliciousness. It contains a large number of external links, and a specific heuristic identifies it as a 'PDF_SEO_LINK_FARM'. The primary malicious URL identified is https://jacksth.ru/strik, which suggests a phishing or malicious redirection attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (5)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://jacksth.ru/strik?utm_term=is+strawberry+milk+unhealthy
    • https://cdn.sqhk.co/rajemaramiw/BgfChjV/lapeturapi.pdf
    • https://cdn.sqhk.co/vugomupuzisa/gjihjtp/messages_on_apple_watch_but_not_iphone.pdf
    • https://noxigizafovezad.weebly.com/uploads/1/3/1/4/131438329/c262b09.pdf
    • https://cdn.sqhk.co/fagisuxupinu/jbTMhdU/tuparerari.pdf
    • https://cdn.sqhk.co/fironabe/jagfhgi/15060615677.pdf
    • https://cdn.sqhk.co/vakolitakap/hjdyvG4/42795904306.pdf
    • https://cdn.sqhk.co/serodozire/gijgchc/26361327889.pdf
    • https://cdn.sqhk.co/kuwusemob/D8ifij3/27208998277.pdf
    • https://cdn.sqhk.co/gisatajofo/FjdmidC/60873382587.pdf
    • https://musazowoxagaw.weebly.com/uploads/1/3/4/3/134323980/tejit.pdf
    • https://junapeborizako.weebly.com/uploads/1/3/4/4/134443413/4841692.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://a7474f5d-6ec7-41e4-954d-8cb0a6a0c5ec.filesusr.com/ugd/b987d2_8de270b447e24e31b69893dfd641fd2b.pdf?index=true
    • https://f37c3615-20b0-4e70-b1e7-2acf34113780.filesusr.com/ugd/1e533a_b836c444ef894af3a8c6f89cdb631580.pdf?index=true
    • https://uploads.strikinglycdn.com/files/aece7baf-7e01-4e43-a57d-5049ccdb3c30/58131183067.pdf
    • https://uploads.strikinglycdn.com/files/f60c7ddf-034c-4ff1-b512-02626730c3a6/gejuti.pdf
    • https://uploads.strikinglycdn.com/files/918604c4-f94f-4558-adb6-475dbd2c0c6a/dizixotezoribimalemev.pdf
    • https://uploads.strikinglycdn.com/files/8a288e04-93b0-41e4-a218-f34a67765a92/washington_football_team_news_bleacher_report.pdf
    • https://uploads.strikinglycdn.com/files/7bc69149-37bd-4bfc-9c39-709ee7d639da/subway_menu_prices_canada_2020.pdf
    • https://uploads.strikinglycdn.com/files/f443ccee-9da6-4db2-8164-ccfd18632d56/english_101_proposal_essays.pdf
    • https://uploads.strikinglycdn.com/files/9d47d651-c41d-4405-b298-6e1a5718ba5e/21538706956.pdf
    • https://1794ee33-230d-455b-98b1-84d48067edce.filesusr.com/ugd/551769_3beb56ffc148459fb552f178d3a4c642.pdf?index=true
    • https://7d6e376e-1ee3-4df5-88c1-8d1511d419f8.filesusr.com/ugd/7dd30d_04c28524ee514254971faa9011a9499e.pdf?index=true
    • https://ff743420-c5e2-4527-a456-70ddb2a1abd8.filesusr.com/ugd/5178f2_5e26245e89f64e53ae3e37e65a3e79b4.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename (SHA-256) | Kind | Source | Size
font_00_sfnt_off00013cdc.bin (47d9e034c5cca91f7910e526a2893662f08b5f7503035e2462e11981a763831c) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13CDC | 3300 bytes
font_01_sfnt_off00014886.bin (442c670a02942fb7cbb3aefb42d30ed12b6eadc60560f44829635d46508efb6a) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14886 | 5260 bytes
font_02_sfnt_off00015a4e.bin (90f861dbc7f2038de7f3775409cdb387046a66a8b0e9a80559deacfeb049eef7) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15A4E | 11528 bytes