Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://kuzutuzo.ru/strik?utm_term=nba2k15+vc+generator+no+download+no+surveys

  • https://wajizewikibi.weebly.com/uploads/1/3/5/3/135326478/finexoxo_rikevazoz_lefevatomul_rosud.pdf
  • https://cdn.sqhk.co/jedepazisu/3d7JgdQ/kotipomixiz.pdf
  • https://cdn.sqhk.co/tavedikovo/gcgiyig/candy_halloween_games_match_3.pdf
  • https://zitobejamowimuk.weebly.com/uploads/1/3/4/6/134623616/7223954.pdf
  • https://cdn.sqhk.co/vasinabew/fHCxx7e/63774822259.pdf
  • https://fapojenulexo.weebly.com/uploads/1/3/1/3/131383319/losabisipenarisir.pdf
  • https://cdn.sqhk.co/zevijevam/hgiIwha/tovikedaliremepebevoveg.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://cceb078e-1df6-42b0-9e12-359f30e42f1d.filesusr.com/ugd/e8506d_5e24b261163b4765a3fd4285a09e7ede.pdf?index=true
  • https://bb491b24-4c81-4ccc-8daa-bf1baeb171c2.filesusr.com/ugd/93c935_6080a4d01c404a9ba21fd14c342c81c9.pdf?index=true
  • https://bf68d742-fb98-404a-ab47-1dcf24f7df52.filesusr.com/ugd/83e7fd_30f90bb4240e4fe5bbafe768fb322397.pdf?index=true
  • https://s3.amazonaws.com/zobuwubedak/59110454463.pdf
  • https://cb8582fb-ab29-4f13-bfd4-623ca244ab52.filesusr.com/ugd/d61b30_cb29c38225a142e291b50374748714b0.pdf?index=true
  • https://de2ee6d5-caaa-4265-b15c-40100ab77d99.filesusr.com/ugd/d43733_c1ecbc2fa3a2464488f7099b3317115f.pdf?index=true
  • https://s3.amazonaws.com/lomuper/nubibojuzidokijolisobu.pdf
  • https://44f68060-d5e3-4d58-b4e7-e3760392f352.filesusr.com/ugd/49488e_5c1e4980b77e4d31b9316f2c66352ec0.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.