Malicious PDF — malware analysis report

Static analysis result for SHA-256 d91faeae8e34a3e2…

Verdict: MALICIOUS
File type: PDF
Size: 77.6 KB
Created: 2021-04-22 10:02:41 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: cf0f4e89476c40fddb1670636c349280
SHA-1: b21d4bf90fc2e4f3e9da4fad1bbeecffeecbbc16
SHA-256: d91faeae8e34a3e22daad37c73fbe4dd4b9e7e7e7032f490816b781178f444ac
Risk score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript
None of the heuristics below fired on JavaScript content, so the T1059.007 mapping is not backed by a detection in this report; treat it as a generic tag for the file class rather than evidence of script in this sample.

The file was flagged by a ClamAV signature (Pdf.Phishing.Trojan) and by the ML classifier (score 0.9996). It carries a large number of clickable external links to other PDF files, most of them on filesusr.com subdomains and the rest on S3 buckets and free-hosting domains, which matches a generated SEO/link-farm carrier rather than a document with genuine citations. Together with the authoring tool (wkhtmltopdf, i.e. an HTML page rendered to PDF), this points to a phishing or unwanted-software distribution campaign in which the document is delivered as a spearphishing attachment or as search-engine bait.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (5)

  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    A small PDF contains many clickable external links to other PDFs, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, not a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware under the signature name above.
  • External URI (info, PDF_URI)
    The PDF contains an external URL action.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (object number N, generation G) is defined more than once with different body bytes, typically because an incremental update appended a new definition. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content; here it stayed at info, so no active content was found in the duplicate body.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://kuzutuzo.ru/strik?utm_term=are+walmart+car+battery+any+good
    • http://sevastopol.sale/90881883824ob5m9.pdf
    • http://amst-watch-v1.club/22382606064yn6iw.pdf
    • http://wisecreditscore.info/modo_de_produccion_capitalista_aozifrx.pdf
    • http://kelimap.mywebcommunity.org/accountancy_project_for_class_11_cbse_download.pdf
    • http://www.ascendercorp.com/ (font vendor site; likely from embedded-font metadata rather than a link annotation)
    • http://www.ascendercorp.com/typedesigners.html (same origin as above)
    • https://0df6220b-9630-4647-aab6-0d9db69b9d59.filesusr.com/ugd/8b97dd_b24a5dce12b449a38fcb25e5a38b18b4.pdf?index=true
    • https://488c2ff9-9ff4-499e-8f11-525115e20b22.filesusr.com/ugd/8aba0c_05c48a8d93bc429086d49b5bca6a863d.pdf?index=true
    • https://e301b21f-f707-426c-a094-6199d4b1a2d6.filesusr.com/ugd/f65518_f3365031764f4a38a3de448e2c717958.pdf?index=true
    • https://s3.amazonaws.com/lovomijelun/bafegasu.pdf
    • https://3796e7af-74f6-4269-b4b1-c98d6d9a2df3.filesusr.com/ugd/169b5e_ed0b3b6d764b48d8bf1d1761b0a473aa.pdf?index=true
    • https://s3.amazonaws.com/gotijejaj/1735462867.pdf
    • https://s3.amazonaws.com/pevuwarobuvowa/sumipovide.pdf
    • https://313cea95-bd78-4864-9d9d-3b26c3bbe0bd.filesusr.com/ugd/2142af_88239a76abbc43b3b559811a84b617a0.pdf?index=true
    • https://a9f3490c-def6-45ea-9957-aefa341d54bd.filesusr.com/ugd/84b587_338d02007a484d06b66139011f73aadd.pdf?index=true
    • https://s3.amazonaws.com/xetasif/xiaomi_a2_android_one_rom.pdf
    • https://dd3528e8-ded0-4753-843e-0d3cb9f542e7.filesusr.com/ugd/4d6844_dbf3e3b605c74971b7ccc9ce5a5552fd.pdf?index=true
    • https://f395d2f2-f939-483b-815f-81062d4747ff.filesusr.com/ugd/be2697_82b5daa61ef646c983414ec3aa881769.pdf?index=true
    • https://931f52e6-cb68-4a93-8e02-54808d33f8b6.filesusr.com/ugd/6290de_0b5e2671ffdf485baac2197d9106fbb8.pdf?index=true
    • http://wenibeliso.atwebpages.com/bmp_file_to_converter_online.pdf
    • https://7f3356c1-ec1f-498a-9d41-5b36c14d87b7.filesusr.com/ugd/98d33d_1e7e93771ef741f5980a2bd654f22efa.pdf?index=true
    • http://romapubimowa.onlinewebshop.net/vals_amelie_piano.pdf
    • https://ea29520f-fefa-4c12-ab21-0e0839e82572.filesusr.com/ugd/5d2047_ac0f05dee4204a0d8733ce06bb63efee.pdf?index=true
    • https://ea64ff4c-51e6-4efc-8cc1-399682447901.filesusr.com/ugd/961f18_5582e30513454380b7cf6e43617c23fa.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    The last seven entries are not link targets. The six w3.org, purl.org and ns.adobe.com entries are RDF/XMP metadata namespace URIs, and the SIL Open Font License URL is font licence metadata (most likely from the two embedded sfnt fonts listed under Extracted artifacts). They appear in ordinary wkhtmltopdf output and should not be treated as indicators.
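The two structural heuristics above (PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) are easy to reproduce against raw PDF bytes. The following is an added example written for this page, not the scanner's own code: it extracts /URI link targets and checks whether a small file has many external links dominated by one host, and it finds indirect objects defined more than once with different bodies, reporting what a first-wins and a last-wins reader would each see and escalating only when a body carries active content. The thresholds, the list of "active content" keys, and the sample PDF bytes are all constructed for illustration.

```python
"""Added example: minimal versions of the link-farm and duplicate-object heuristics.
Thresholds, ACTIVE_KEYS and SAMPLE_PDF are assumptions, not the scanner's real values."""
from __future__ import annotations

import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed thresholds for the link-farm rule (illustrative).
MAX_SMALL_FILE = 200 * 1024   # "small PDF": at most 200 KB
MIN_LINKS = 10                # "many" external links
CLUSTER_RATIO = 0.5           # at least half of them on one host

# Dictionary keys treated as active content when found in a duplicate object body
# (assumed list; a real scanner parses the object instead of substring-matching).
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA", b"/SubmitForm")

# /URI action targets written as literal strings, e.g. /URI (http://host/x.pdf)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# "N G obj ... endobj" indirect object definitions (lazy: stops at the first endobj)
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)


def extract_uris(pdf: bytes) -> list[str]:
    """Return /URI action targets in file order (literal-string form only)."""
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(pdf)]


def link_farm_check(pdf: bytes) -> dict:
    """PDF_SEO_LINK_FARM-style rule: small file, many external links, one dominant host."""
    uris = extract_uris(pdf)
    hosts = Counter(urlsplit(u).hostname or "" for u in uris)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    flagged = (len(pdf) <= MAX_SMALL_FILE
               and len(uris) >= MIN_LINKS
               and top_count >= CLUSTER_RATIO * len(uris))
    return {"links": len(uris), "top_host": top_host, "top_count": top_count, "flagged": flagged}


def duplicate_object_check(pdf: bytes) -> list[dict]:
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL-style rule: the same (num, gen) defined twice
    with different bytes. Reports the first-wins and last-wins bodies and escalates
    severity only when either body carries active content."""
    bodies: dict[tuple[int, int], list[bytes]] = {}
    for m in OBJ_RE.finditer(pdf):
        key = (int(m.group(1)), int(m.group(2)))
        bodies.setdefault(key, []).append(m.group(3).strip())
    findings = []
    for key, defs in bodies.items():
        if len(defs) < 2 or len(set(defs)) < 2:
            continue   # defined once, or byte-identical redefinitions
        first, last = defs[0], defs[-1]
        active = any(k in first or k in last for k in ACTIVE_KEYS)
        findings.append({"obj": key, "first_wins": first, "last_wins": last,
                         "severity": "critical" if active else "info"})
    return findings


def scan(pdf: bytes) -> dict:
    """Run both checks and return one report dict."""
    return {"link_farm": link_farm_check(pdf), "duplicate_objects": duplicate_object_check(pdf)}


# Constructed sample (not the analysed file): the object syntax of a tiny PDF with
# twelve link annotations, eight of them on one host, followed by an incremental
# update that redefines the /Info object 4 with an /OpenAction running JavaScript.
_LINKS = [f"http://farm.example/{i}.pdf" for i in range(8)] + [
    "https://cdn.example/a.pdf", "https://cdn.example/b.pdf",
    "http://other.example/c.pdf", "http://other2.example/d.pdf",
]
_ANNOTS = b"".join(
    b"%d 0 obj\n<< /Type /Annot /Subtype /Link /A << /S /URI /URI (%s) >> >>\nendobj\n"
    % (10 + i, u.encode()) for i, u in enumerate(_LINKS))
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [10 0 R 11 0 R] >>\nendobj\n"
    b"4 0 obj\n<< /Producer (wkhtmltopdf 0.12.5) >>\nendobj\n"
    + _ANNOTS +
    b"trailer\n<< /Root 1 0 R /Info 4 0 R >>\n%%EOF\n"
    # incremental update: a last-wins reader resolves object 4 to this body
    b"4 0 obj\n<< /Producer (wkhtmltopdf 0.12.5) "
    b"/OpenAction << /S /JavaScript /JS (app.alert(1)) >> >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Info 4 0 R /Prev 9 >>\n%%EOF\n"
)


if __name__ == "__main__":
    import json
    print(json.dumps(scan(SAMPLE_PDF), indent=2, default=lambda b: b.decode("latin-1")))
```

This regex-scans raw bytes, so it misses URIs that are hex-encoded, escaped, or held in compressed object streams (/ObjStm), and it does not follow the xref chain to decide which definition a conforming reader actually uses; a production scanner does both. The sample shows why the duplicate-object rule is severity-gated: the first body of object 4 is a harmless /Info dictionary, and only the appended redefinition introduces /OpenAction, which is exactly the first-wins versus last-wins split the heuristic describes.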

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off0000f048.bin
    SHA-256: 701a134a794f0811999e275b986c55c1a4b548b0ad79c02ea6e81e93794de62f
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xF048
    Size: 5404 bytes
  • font_01_sfnt_off000102a8.bin
    SHA-256: 3b82170705131617fe471275499b972f62eab8d5743c221e6c659185ec6a438a
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x102A8
    Size: 11208 bytes

Embedded sfnt (TrueType/OpenType) font programs are normal in wkhtmltopdf output; these two are carved for hashing and further inspection, not reported as detections.