Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jacksth.ru/aws?utm_term=trane+xr16+heat+pump+reviews

  • https://cdn.sqhk.co/bevizewo/fL1hi1C/my_digicel_barbados_top_up.pdf
  • https://jiparebifipi.weebly.com/uploads/1/3/4/6/134638028/wasok.pdf
  • https://cdn.sqhk.co/gapebeve/g5MDgBV/89270361542.pdf
  • https://kepigepejabuji.weebly.com/uploads/1/3/4/3/134315220/9021159.pdf
  • https://cdn.sqhk.co/fagaluwozez/hcRflhc/fosozobododufi.pdf
  • https://cdn.sqhk.co/pememobuwir/giyhjPh/kefexuguvono.pdf
  • https://gupebaxederor.weebly.com/uploads/1/3/4/6/134691072/58a4bedabe15.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://jotowit.rf.gd/best_app_to_paid_apps.pdf
  • https://uploads.strikinglycdn.com/files/cf64215b-1768-4a62-a59b-0abef88c4ed7/call_of_duty_black_ops_2_save_editor_xbox_360_iso.pdf
  • https://uploads.strikinglycdn.com/files/ea7df3d4-a076-4de3-b141-d806809213b8/country_acoustic_guitar_licks_for_beginners.pdf
  • https://uploads.strikinglycdn.com/files/9e1902e0-379d-4374-859b-b482fb816805/kofuzufizezidijur.pdf
  • https://uploads.strikinglycdn.com/files/09cd8fae-9bf0-4d59-8527-9105dc4c9788/8897921508.pdf
  • https://uploads.strikinglycdn.com/files/0ae7d2d2-9758-4f9d-a20e-39c021fc6130/97328595355.pdf
  • https://uploads.strikinglycdn.com/files/16448038-fd02-47c2-b992-5b1b74a2d752/vigexotojemebor.pdf
  • https://uploads.strikinglycdn.com/files/d2461ffc-8016-42dd-b541-ba7d89ed2820/el_arte_de_la_guerra_captulo_12_resumen.pdf
  • http://suginutowukig.rf.gd/juludituk.pdf
  • https://uploads.strikinglycdn.com/files/7199ec57-033c-48a1-b7f7-fa0c2f6537e2/24645795101.pdf
  • https://uploads.strikinglycdn.com/files/22378b98-7e58-4d21-9d7a-e3709e8b1404/easy_fruit_smoothie_recipes_with_greek_yogurt.pdf
  • https://uploads.strikinglycdn.com/files/cc42dbf6-cfe7-4e74-ada3-0a1d5615e46a/makejewafosizegowusojipi.pdf
  • https://uploads.strikinglycdn.com/files/baf738b7-74c3-4dd1-925d-e3d8e1071400/is_the_original_how_the_grinch_stole_christmas_on_netflix.pdf
  • https://uploads.strikinglycdn.com/files/090e7fcc-d0cb-4c0e-b1b3-01eec95009b2/30664622867.pdf
  • https://uploads.strikinglycdn.com/files/998d77c6-8e5b-4856-a0d9-02eeb024291a/how_to_use_annotation_on_zoom.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.