Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://dafemum.ru/wix?keyword=st+lucie+county+florida+property+appraiser%2527s+office

  • https://cdn-cms.f-static.net/uploads/4371809/normal_600d4b22969be.pdf
  • https://ratamugokamilel.weebly.com/uploads/1/3/5/9/135959592/kexize.pdf
  • https://static.s123-cdn-static.com/uploads/4378831/normal_5fe03a13e0025.pdf
  • https://static.s123-cdn-static.com/uploads/4424637/normal_5fcc9fe63c8c9.pdf
  • https://tewenamizudeko.weebly.com/uploads/1/3/0/8/130873709/mimov.pdf
  • https://cdn-cms.f-static.net/uploads/4496597/normal_605a455887e81.pdf
  • https://luvisumor.weebly.com/uploads/1/3/5/3/135390586/3317568.pdf
  • http://ninomut.sportsontheweb.net/ableton_live_suite_9_manual.pdf
  • http://foxiduwanati.mygamesonline.org/murray_46_inch_deck_belt_diagram.pdf
  • http://dejepuzalew.mygamesonline.org/acronyms_examples.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://2eda13a9-9e0f-47dd-bbfa-a9a5028a3314.filesusr.com/ugd/61c57f_083a144a34fc48c5b48d150c80d98991.pdf?index=true
  • https://466f9527-ada3-48b4-ac0c-4ba5546996ca.filesusr.com/ugd/a4b6b9_0bc1d0f320c043a9815441b5f53b38a9.pdf?index=true
  • http://vawivulumekil.onlinewebshop.net/storyboard_examples.pdf
  • https://18bc7be3-897e-46c1-a475-efc190d089bd.filesusr.com/ugd/62845f_8852f60b1e874a6dad097cc26023ab79.pdf?index=true
  • https://uploads.strikinglycdn.com/files/52778f10-7c67-45a1-bb24-417e580cb46f/13621315340.pdf
  • https://uploads.strikinglycdn.com/files/b81ed2b5-91ae-4b07-87c2-41aec1bbc472/transcendental_meditation_mantras_shirim.pdf
  • https://41c240d9-b4af-4f88-8fa4-2a41cce3a287.filesusr.com/ugd/01bc73_b5ed5feadcb74cbfb52ae79d9b794d02.pdf?index=true
  • http://rojanesifilagu.myartsonline.com/10749562617.pdf
  • https://uploads.strikinglycdn.com/files/2e0c7c8c-ac04-4bfb-a147-bfdbefd99383/what_does_a_dog_bite_in_a_dream_mean.pdf
  • https://uploads.strikinglycdn.com/files/c720caa1-cadb-4293-a78b-5eb55b7030a4/kewege.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.