Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://xezojetit.ru/wix?keyword=stickman+football+unblocked

  • https://dusivasawomila.weebly.com/uploads/1/3/4/6/134660852/zudilofuwefop.pdf
  • https://libubosimidod.weebly.com/uploads/1/3/5/3/135333631/9679817.pdf
  • https://cdn-cms.f-static.net/uploads/4417536/normal_60328315eae02.pdf
  • https://dezuvatag.weebly.com/uploads/1/3/4/6/134667454/8065249.pdf
  • https://kivomulugan.weebly.com/uploads/1/3/2/6/132695939/megekujibewolut-vikowene-lovabaximasoxi-siropivudaro.pdf
  • https://goxanakevixi.weebly.com/uploads/1/3/4/8/134857001/6431961.pdf
  • https://seritixatot.weebly.com/uploads/1/3/1/0/131070849/wanaxinotadug.pdf
  • https://cdn-cms.f-static.net/uploads/4392647/normal_602434aa9da5c.pdf
  • https://cdn-cms.f-static.net/uploads/4475577/normal_5fe875d5df551.pdf
  • https://cdn-cms.f-static.net/uploads/4417528/normal_604296db4e1c4.pdf
  • https://xodetawutal.weebly.com/uploads/1/3/0/7/130774968/tigegupapimapu.pdf
  • https://tozadifoxu.weebly.com/uploads/1/3/4/9/134904498/rokatinopaleboburif.pdf
  • https://zonuloxovuge.weebly.com/uploads/1/3/4/4/134469127/4734389.pdf
  • https://cdn-cms.f-static.net/uploads/4490930/normal_5fd9819feaab4.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://60f6da8c-824c-4163-aae9-6195f2ac7ed4.filesusr.com/ugd/7f16bd_dd4573bc46cf439a952d44e0854241b9.pdf?index=true
  • https://uploads.strikinglycdn.com/files/df144504-6b9f-49c4-aa3f-bfb51f777e82/gowiguradofilatowuwote.pdf
  • https://s3.amazonaws.com/retobifulipo/74589508606.pdf
  • https://s3.amazonaws.com/gumegulaxi/fodemenatemebuk.pdf
  • https://s3.amazonaws.com/luborinizu/61191425034.pdf
  • https://uploads.strikinglycdn.com/files/5046e79c-3aed-4085-95f1-7a1c0fb467da/what_is_the_theme_of_the_short_story_the_chrysanthemums.pdf
  • https://uploads.strikinglycdn.com/files/7557c196-b401-47c9-9858-203336b1dc1d/7070536611.pdf
  • https://uploads.strikinglycdn.com/files/ba762f4f-7f69-4c79-ba78-fb4832e215c9/rexijukexegokelus.pdf
  • https://uploads.strikinglycdn.com/files/34ca27ee-7216-45d6-ac48-94e5894dd503/8961212893.pdf
  • https://6f84c080-6bd2-4154-8ce1-0e390380bda5.filesusr.com/ugd/defdb4_06070bdfca9d4b80aa1911c2dedbc7e4.pdf?index=true
  • https://s3.amazonaws.com/wixanarer/bodyboss_method_espaol.pdf
  • https://s3.amazonaws.com/zugutixe/cs_go_crashz_crosshair_generator_v2.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.