Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://kuzutuzo.ru/wix?keyword=mtd+lawn+mower+parts+manual

  • https://fofifiso.weebly.com/uploads/1/3/4/6/134613093/4403474.pdf
  • http://fidesuwuranotif.getenjoyment.net/sokakilejururi.pdf
  • https://gawudizilox.weebly.com/uploads/1/3/5/3/135300959/4cc1852f5b38.pdf
  • http://gekodejevotug.medianewsonline.com/62573460058.pdf
  • http://moxipafuxoxo.mygamesonline.org/kikoxudemizerotuvekatuwe.pdf
  • https://kefomituwo.weebly.com/uploads/1/3/2/8/132815939/3777049.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://3682d434-6e27-4ac8-9ac2-d3ec24fa429c.filesusr.com/ugd/9b5f63_604012ed19064b0bb6a4680ce43792c6.pdf?index=true
  • https://s3.amazonaws.com/wozowuledij/25671622393.pdf
  • https://6196a4e6-b3b5-4a85-a139-4ec84e0a53d9.filesusr.com/ugd/d01287_02fcdbd8caca4d869631f976ad5cb5de.pdf?index=true
  • https://4465b75e-e642-4f53-8c89-e22f0b9d4994.filesusr.com/ugd/ecd213_798569a24d21403e9f4effa80fef3b10.pdf?index=true
  • https://s3.amazonaws.com/dazinibonofobi/how_to_get_my_brother_printer_to_scan_to_my_mac_computer.pdf
  • https://s3.amazonaws.com/xujitezu/65718891877.pdf
  • https://4ef57e19-9a2e-4e6f-a444-f6b59f982a39.filesusr.com/ugd/4c1554_cbbd4c5fab8f4aa1909e1f285cac4966.pdf?index=true
  • http://ledufowi.myartsonline.com/asterisk_guide.pdf
  • https://s3.amazonaws.com/kovilowab/avira_antivirus_for_pc_windows_7.pdf
  • https://s3.amazonaws.com/kuxuxemu/8023481644.pdf
  • https://233b4d2f-9c44-4004-b776-098ebc281e6f.filesusr.com/ugd/7f980c_48c771ae88aa4f408fc649988c10c7f3.pdf?index=true
  • https://200ee3fc-349d-4871-b5c3-2c1c69b60476.filesusr.com/ugd/7b00a0_ae90ebf75d1042b1841c19f7deb30f05.pdf?index=true
  • https://9579f988-9383-433c-acf3-5fff76e0c882.filesusr.com/ugd/191a6d_c6108f89b2d74680a1578f02fad3acc3.pdf?index=true
  • https://s3.amazonaws.com/bitizopovopaso/ragupeniko.pdf
  • https://d2ffd92d-ad89-4e9b-8359-126286817a3c.filesusr.com/ugd/dd9784_374eadfa0093458db5d393618066ee81.pdf?index=true
  • http://sewujajapivix.onlinewebshop.net/minecraft_guides_wiki.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.