Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://zajinet.ru/award?keyword=abakada+tagalog+words+pdf PDF link annotation

  • https://cdn.sqhk.co/sowuwinadapu/001gdjf/minecraft_pixelmon_servers_1._12._2.pdfIn PDF document text
  • https://cdn.sqhk.co/maxegugej/gqgghGr/oxenfree_switch_physical.pdfIn PDF document text
  • https://cdn.sqhk.co/dafibuxoki/pz5jami/baxogibojawusaroxani.pdfIn PDF document text
  • http://rabejagoruwobol.66ghz.com/vehicle_information_uk_contact_number.pdfIn PDF document text
  • https://cdn.sqhk.co/kenipafitu/agiUivh/66031697153.pdfIn PDF document text
  • https://cdn.sqhk.co/xonipavu/jfahh0Q/banco_bradesco_estados_unidos.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://f621ecf8-e26c-4db3-9bdf-176eeceb312d.filesusr.com/ugd/b3755e_c173a2d7e4c442f19ad2a6d48531c29b.pdf?index=trueIn PDF document text
  • https://a21f0d7d-5fe0-4a99-a381-3b18266e0880.filesusr.com/ugd/6c313a_f94e2bec458448c398e4b87584b06fb2.pdf?index=trueIn PDF document text
  • https://bc260b4e-efc2-469d-9102-9c7234992d76.filesusr.com/ugd/b1b3ad_98e9cdee26574cffad36d6b833a88393.pdf?index=trueIn PDF document text
  • https://51956041-da35-40aa-96c1-085c1f47c80d.filesusr.com/ugd/e6e573_a873e215a29f4da58681d73e1356d668.pdf?index=trueIn PDF document text
  • https://2d130471-2a64-48ba-87cf-8f1e86c6acad.filesusr.com/ugd/9c43ec_7f6402b2277841708e930f29eac8580c.pdf?index=trueIn PDF document text
  • https://f815f12b-539f-4060-8ed9-abd2caada31b.filesusr.com/ugd/ceb2e8_2c5452f1550d42a995eed5190e72e830.pdf?index=trueIn PDF document text
  • http://dotosetebokiru.rf.gd/54782153877.pdfIn PDF document text
  • https://fea67d75-dd3b-4bdd-af05-748e92ec8a52.filesusr.com/ugd/05900a_8a909d70c1a04c8ba8edee78cc95cc33.pdf?index=trueIn PDF document text
  • https://97783159-ced7-426e-9fbd-60d2bb3342fb.filesusr.com/ugd/00058f_6bfbee76285b48cf9ddca362d8d28a12.pdf?index=trueIn PDF document text
  • https://0dea665b-aaaa-42f3-a52c-f86f0fd1efa2.filesusr.com/ugd/8b9728_af6bf56aaa1a4ef09437f59418137cae.pdf?index=trueIn PDF document text
  • https://28481333-1ef2-46fb-8ebf-d56c3f24acbc.filesusr.com/ugd/314c35_13cc033269184067a138e6008c888982.pdf?index=trueIn PDF document text
  • https://82c1a4a6-0aea-44ab-842b-07cb5bdde860.filesusr.com/ugd/aafee9_78af3530bde34a4683fd6ee6b9055589.pdf?index=trueIn PDF document text
  • https://78905da9-dd21-4190-abaa-c894c042e703.filesusr.com/ugd/851c7c_0e58a76b10034c2fb1cfd522a9268c2c.pdf?index=trueIn PDF document text
  • https://275320ff-96dd-455a-9699-a0fdc58b27a5.filesusr.com/ugd/943725_95d3ed7005034c60bcb976eb8b5da63f.pdf?index=trueIn PDF document text
  • http://wuduzukatej.epizy.com/munanexuposenitipufubuzal.pdfIn PDF document text
  • https://43081b45-6e48-4b43-b724-9328fda377ae.filesusr.com/ugd/26481d_4ce7d9c6782c4b7a94b1eea2faf40c23.pdf?index=trueIn PDF document text
  • https://a1bd7baf-2de3-4c81-8914-4b74a732ecf9.filesusr.com/ugd/c89f15_5525b27ad7ba44c89a3058d6d6f02436.pdf?index=trueIn PDF document text
  • https://305aa2e3-e1d2-413d-aa2e-f1bb83d03ded.filesusr.com/ugd/92ee2b_bd4cb38a17624cedbbe8472b148c937c.pdf?index=trueIn PDF document text
  • https://c8d0f166-86fd-441b-8df5-aa5e6c6c7644.filesusr.com/ugd/f4b3af_ad02ae7cfec740de85d016fafa0ae43a.pdf?index=trueIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.