Malicious PDF — malware analysis report

Static analysis result for SHA-256 d9b1b658aaaf534e…

Verdict: MALICIOUS
File type: PDF
Size: 79.0 KB
Created: 2021-05-22 23:06:50 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 65be3e9a82f994efb97d1744328c4883
SHA-1: 9b5f9a7e73a7f4e6a2422db91b1f745bf9aa3dc5
SHA-256: d9b1b658aaaf534ef2ea2708817013aa60d54e7094dbc44ed92c8f6416a2bb69
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.007 Command and Scripting Interpreter: JavaScript

The PDF carries a large number of external link annotations. Most point to other PDF documents on a handful of file-hosting CDNs (uploads.strikinglycdn.com, static.s123-cdn-static.com, cdn-cms.f-static.net, *.weebly.com), with the largest cluster on uploads.strikinglycdn.com. The one outlier is a link to vilenefex.ru whose query string carries an SEO-style utm_term; that host is flagged as unknown and is the critical link in this sample. Together with the small file size and the wkhtmltopdf authoring stamp, this matches the PDF_SEO_LINK_FARM heuristic: a generated link-farm carrier that routes users into malicious or unwanted-software delivery chains, not a document with a normal citation pattern. The ClamAV signature (Pdf.Phishing.Trojan) and the ML classifier score (0.9998) independently support the malicious verdict; the file is most plausibly a phishing lure or a hop in a malware-delivery chain. The duplicate object definition was rated info only, which is consistent with a benign incremental update rather than parser confusion with active content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (5)

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. A reader that honours the first definition and one that honours the last will resolve different content, a parser-confusion shape used by targeted PDFs to show one thing to a scanner and another to the viewer. Body-only differences are also normal in benign incremental updates, so severity is raised only when the duplicate carries active content; in this sample it stayed at info.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://vilenefex.ru/strik?utm_term=how+to+do+brandt+daroff+exercises  (critical: host flagged unknown)
    • https://static.s123-cdn-static.com/uploads/4474456/normal_5fcc13029b049.pdf
    • https://xugojegisonixen.weebly.com/uploads/1/3/4/6/134684264/mafar_mikunurasa.pdf
    • https://cdn-cms.f-static.net/uploads/4475728/normal_601ad2d287443.pdf
    • https://static.s123-cdn-static.com/uploads/4443598/normal_6006603a6fa28.pdf
    • https://wedezetepeb.weebly.com/uploads/1/3/4/5/134528952/86411.pdf
    • https://cdn-cms.f-static.net/uploads/4377924/normal_6009f67082df4.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/5f543cb2-e0a2-441f-b82b-40d22394b279/what_app_do_i_download_for_stealth_cam_card_reader.pdf
    • https://uploads.strikinglycdn.com/files/03fadb68-7415-4cd5-bc87-f66a884707da/can_f_statistic_be_less_than_1.pdf
    • https://uploads.strikinglycdn.com/files/4f7484f2-2ab2-4814-a60d-7571f71876d3/download_walmart_grocery_app_for_iphone.pdf
    • https://uploads.strikinglycdn.com/files/e1b61ba7-aaf4-4878-91a4-1437a31e7b4b/what_order_should_i_read_rangers_apprentice.pdf
    • https://uploads.strikinglycdn.com/files/29a964cc-5b43-4cb3-8814-b92590f733cc/king_lear_summary_act_3_scene_6.pdf
    • https://uploads.strikinglycdn.com/files/23034ce3-3cce-4b2c-b885-25a28ad8992a/how_to_not_fall_for_reverse_psychology.pdf
    • https://uploads.strikinglycdn.com/files/405e03d2-7e2d-4385-809c-45f82f17cac5/pokutifupeluroranuvezexor.pdf
    • https://uploads.strikinglycdn.com/files/ca31336a-f5e5-4d29-87c1-905c66d1d4b7/50171042819.pdf
    • https://uploads.strikinglycdn.com/files/200448a3-974e-4149-a07e-2350b8355736/pobafeliliseforurekigurip.pdf
    • https://uploads.strikinglycdn.com/files/29e6c27f-1d29-46dc-8096-8da499ef688a/mutiw.pdf
    • https://uploads.strikinglycdn.com/files/d0cf0db0-3a47-4c22-9bfd-e3333685231d/integral_calculus_rules.pdf
    • https://uploads.strikinglycdn.com/files/be157826-c3e3-4343-812b-9dad7a8cef99/class_paul_fussell_epub.pdf
    • https://uploads.strikinglycdn.com/files/43de6478-8b1e-40b4-84ad-01e489cd5f03/gasunubavevetinezotu.pdf
    • https://uploads.strikinglycdn.com/files/5a302254-4dce-4a95-8bc7-7f2a506b12f7/84734472157.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    The last seven entries are not clickable links: the w3.org, purl.org and ns.adobe.com URIs are XMP metadata namespace identifiers, and scripts.sil.org/OFL is the SIL Open Font License URL carried in embedded font metadata. They are extracted from the document body, not from link annotations.
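As an added illustration of the two structural heuristics above (PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL), the following Python scanner is example code written for this page; it is not the analysis engine's own implementation and it was not run on the analysed file. It operates on a constructed PDF skeleton with example-only hostnames (uploads.example-cdn.test, lure.example.test) that mimics the shape of this sample: several /URI link annotations clustered on one host plus one outlier, and an object number defined twice where the second definition carries /JavaScript. The thresholds (three or more links, 60 percent on one host, 200 KB size cap) and the active-content key list are assumptions for the example, not the engine's rules.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample, not the analysed file: a PDF skeleton showing the two
# shapes under discussion. It has no xref table, so it is for the scanner only,
# not for rendering.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R 7 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://uploads.example-cdn.test/files/a.pdf) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://uploads.example-cdn.test/files/b.pdf) >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://uploads.example-cdn.test/files/c.pdf) >> >> endobj
7 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://lure.example.test/strik?utm_term=x) >> >> endobj
8 0 obj << /Length 0 >> stream
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
8 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj
trailer << /Root 1 0 R /Prev 0 >>
%%EOF
"""

# "N G obj ... endobj" in file order. Duplicates are deliberately kept.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# Literal-string /URI values only. Hex strings and escaped parentheses are not
# handled here; a production scanner must decode those forms as well.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# Keys whose presence in a duplicated body raises severity (assumed list).
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA",
               b"/SubmitForm", b"/GoToR", b"/URI")


def parse_objects(data):
    """Return [((num, gen), body_bytes), ...] in the order they appear."""
    return [((int(m.group(1)), int(m.group(2))), m.group(3).strip())
            for m in OBJ_RE.finditer(data)]


def link_farm_check(data, min_links=3, cluster_ratio=0.6, small_size=200 * 1024):
    """PDF_SEO_LINK_FARM shape: a small file whose external /URI links mostly
    sit on a single host. Thresholds are assumptions for this example."""
    uris = [u.decode("latin-1") for u in URI_RE.findall(data)]
    hosts = Counter(urlparse(u).hostname or "" for u in uris)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    ratio = top_count / len(uris) if uris else 0.0
    flagged = (len(data) <= small_size and len(uris) >= min_links
               and ratio >= cluster_ratio)
    outliers = sorted(h for h in hosts if h != top_host)
    return {"total_links": len(uris), "top_host": top_host,
            "top_count": top_count, "flagged": flagged,
            "outlier_hosts": outliers, "uris": uris}


def duplicate_object_check(data):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL shape: the same (num, gen) defined
    again with a different body. First-wins and last-wins readers disagree;
    severity goes to critical only when either body carries active content."""
    first_seen = {}
    findings = []
    for key, body in parse_objects(data):
        if key not in first_seen:
            first_seen[key] = body
        elif body != first_seen[key]:
            active = any(k in body or k in first_seen[key] for k in ACTIVE_KEYS)
            findings.append({"obj": key, "first_wins": first_seen[key],
                             "last_wins": body, "active_content": active,
                             "severity": "critical" if active else "info"})
    return findings


def scan(data):
    return {"link_farm": link_farm_check(data),
            "duplicate_objects": duplicate_object_check(data)}


if __name__ == "__main__":
    result = scan(SAMPLE_PDF)
    lf = result["link_farm"]
    print(f"links={lf['total_links']} top_host={lf['top_host']} "
          f"({lf['top_count']}) flagged={lf['flagged']} outliers={lf['outlier_hosts']}")
    for f in result["duplicate_objects"]:
        print(f"duplicate object {f['obj'][0]} {f['obj'][1]}: severity={f['severity']}")
```

On the constructed skeleton the link check reports three of four links on uploads.example-cdn.test with lure.example.test as the single outlier host, which is the same shape as the uploads.strikinglycdn.com cluster and the vilenefex.ru link in this sample; the duplicate check reports object 8 0 twice with the second body carrying /JavaScript, so it is rated critical, whereas the real sample's duplicate stayed at info because no active content was involved.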

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                      Size
font_00_sfnt_off0000f733.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0xF733   5244 bytes
  SHA-256: 498a7520b36a0fdf63e3fd8f22a5ff76472eca86899bcfb7149c9887b0c3f878
font_01_sfnt_off00010926.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x10926  11204 bytes
  SHA-256: cf8a772af8856c6ac3c053a9526bd0aeded052b0eee7ed858d9743260e3dfdba