Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jumiwimov.ru/strik?utm_term=platicas+prebautismales+san+cristobal+merida+2020 PDF link annotation

  • https://gepubife.weebly.com/uploads/1/3/4/3/134315704/355150.pdfIn PDF document text
  • https://nuvosukive.weebly.com/uploads/1/3/4/7/134718285/ritam-paxotofukupep.pdfIn PDF document text
  • https://dosaremuxabibi.weebly.com/uploads/1/3/0/7/130739916/360cbbe.pdfIn PDF document text
  • https://zorutamazu.weebly.com/uploads/1/3/4/0/134096431/xejesatex.pdfIn PDF document text
  • https://makezuxakoje.weebly.com/uploads/1/3/0/7/130739015/ba85f868465dc.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://s3.amazonaws.com/tadevewuju/bhakti_good_morning_photo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b73f0888-9b01-432f-a490-e0dc224ee5ed/how_hard_is_it_to_learn_stochastic_calculus.pdfIn PDF document text
  • https://6fc76513-a17a-4053-940d-bef108f5ea85.filesusr.com/ugd/3a5ef0_9cbced44c3eb47b3b411db3b8019e0ef.pdf?index=trueIn PDF document text
  • https://c93ae04b-3d95-4128-ac62-0503c91a26e1.filesusr.com/ugd/002f5e_813e80ae24d74988af28dedecc62d558.pdf?index=trueIn PDF document text
  • https://781b76d0-895c-4d4e-90f3-491762fad171.filesusr.com/ugd/894952_785246b0ea54477e85d187a481392987.pdf?index=trueIn PDF document text
  • https://93641f3c-03d3-4c8c-b6db-0fd9bfabe798.filesusr.com/ugd/384ca7_8bb70b049cf544c586b8e268e1f35735.pdf?index=trueIn PDF document text
  • https://5071cc05-3fa2-46b1-b944-d2523ca4b51d.filesusr.com/ugd/62e2c1_df2368079a93473fbb1050d44343f613.pdf?index=trueIn PDF document text
  • https://f7b0ef4b-317e-4f07-901b-4de91a029b50.filesusr.com/ugd/50f142_54ee29175a5c4bed968c2ffd436791cb.pdf?index=trueIn PDF document text
  • https://s3.amazonaws.com/wekibik/what_to_put_in_filter_pocket_of_face_mask.pdfIn PDF document text
  • https://s3.amazonaws.com/simujix/arcsoft_showbiz_dvd_2_software_free_download.pdfIn PDF document text
  • https://s3.amazonaws.com/gowebabuxogiro/consumers_energy_report_outage.pdfIn PDF document text
  • https://s3.amazonaws.com/xalasawu/11607361432.pdfIn PDF document text
  • https://89511c73-251b-4bee-a1a5-5f4bd4863124.filesusr.com/ugd/f24cb8_d4eebf33c671428d99f9c39340ea7c79.pdf?index=trueIn PDF document text
  • https://0b21792c-a699-4cf4-8833-5910c6ad58af.filesusr.com/ugd/b0b521_96c1940ad86c449dbb85efd48682d9ff.pdf?index=trueIn PDF document text
  • https://e0d0d77b-4c00-4265-bc22-f0cc5cf11ada.filesusr.com/ugd/957eb4_0b917f12a60843378054d3543594fbfd.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/62c2099a-78bf-46d8-9aac-93f8d1bfefed/mevufor.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1846c12a-128f-4962-9edd-4ad325560fb0/85919668408.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/af1b5fb2-6afb-4693-9f6f-834037a08b7c/29769702976.pdfIn PDF document text
  • https://baad1762-ad72-434c-be9a-9de7d8068d01.filesusr.com/ugd/61395f_33dd954330374185b55ccc2c65d33821.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/68fe0c8e-5b2e-40f9-9db9-df39c3cc7f65/bodyweight_workout_plan_free.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.