Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://vilenefex.ru/wix?keyword=capsim+consumer+report+tutorial+answers

  • http://doordash.link/86551306603dij0c.pdf
  • http://libertinemodels.com/7215243009sbkim.pdf
  • https://kopupoko.weebly.com/uploads/1/3/4/4/134471128/1676493.pdf
  • https://cdn.sqhk.co/livejizilul/b47jdat/85505405142.pdf
  • https://nasewinadomev.weebly.com/uploads/1/3/4/5/134521200/bunegizuvo.pdf
  • https://sepiximefajo.weebly.com/uploads/1/3/4/8/134849953/77db9cd.pdf
  • https://cdn.sqhk.co/linaxezo/iggfRZe/scratch_pong_tutorial.pdf
  • https://cdn.sqhk.co/gimanoretev/gOqjenf/xezaluzu.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://1618b3f4-dcc0-4047-a816-eeb1cbe43c51.filesusr.com/ugd/a01749_c21669233d8d4b70ac250c509bf659cb.pdf?index=true
  • https://uploads.strikinglycdn.com/files/84ed18ed-def5-4bf9-b1f1-2260ec24b3dc/how_to_pronounce_english_american_accent.pdf
  • https://d8ec88ce-93b1-4b83-b294-7016fd5b5063.filesusr.com/ugd/366252_c4793767e51f4aaca008382c39dca266.pdf?index=true
  • https://7e6b698e-d56f-4a21-8c48-787e2f6d39f4.filesusr.com/ugd/7836c9_2549b645b4ad4cf6a6d5cbad227c5448.pdf?index=true
  • https://uploads.strikinglycdn.com/files/300e394c-286e-4fc3-914b-9285c7176092/who_are_the_biggest_internet_providers.pdf
  • https://83f018a0-8e49-44f0-b57e-805e464a5f06.filesusr.com/ugd/10a4aa_64376abd23ad4283871f03b12acc038b.pdf?index=true
  • https://uploads.strikinglycdn.com/files/140f6ee3-2088-49ce-95fc-761468e785f1/timex_indiglo_leather_strap_watch.pdf
  • https://0dc5016f-38c0-4e11-84f4-4717e3ef4ec7.filesusr.com/ugd/4fd84c_d54379fb54284c6cbc0978c8aa56743c.pdf?index=true
  • https://4c72699b-aa2e-4dc8-8bd5-1a54e8f938a6.filesusr.com/ugd/f3cb45_983255653df54ca8944de7eb6438c841.pdf?index=true
  • https://f9fc249e-2e6a-4908-9eb0-88005465a50d.filesusr.com/ugd/2530ee_a564bd34ceb449e08abb1fd81e8d3628.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.