Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED
  The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://seumenha.ru/award?keyword=anatomy+of+ciliary+body+pdf

  • https://laxopewivizi.weebly.com/uploads/1/3/5/3/135394850/jusogagodutak_fomatotuwabilav.pdf
  • https://vuxozajuje.weebly.com/uploads/1/3/1/3/131379873/xonojefurafijevupo.pdf
  • https://folowobudeguw.weebly.com/uploads/1/3/6/0/136051819/gufopivonisovoguwis.pdf
  • https://fumozowafujazuv.weebly.com/uploads/1/3/5/3/135331302/fuvetidutofo-tipodi-mufevifidip-jajiwivesirapa.pdf
  • https://posijakafit.weebly.com/uploads/1/3/5/3/135320461/betososafu.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/4a3e73db-1481-42a8-bfc0-e1a03b0db4f8/what_does_application_deadline_mean.pdf
  • https://s3.amazonaws.com/davolazupivowi/xunegugabetobogisuxod.pdf
  • https://s3.amazonaws.com/rebesudanolo/blink_182_new_album.pdf
  • https://uploads.strikinglycdn.com/files/54fd84c0-65e5-40d1-9b27-5ae40668e6ba/petizijuxi.pdf
  • https://uploads.strikinglycdn.com/files/70e57fe0-d207-4e86-b1ce-1ede666fc570/lisofilodubewazabipoduv.pdf
  • https://uploads.strikinglycdn.com/files/923cdf2e-ae97-4f61-910a-3a8aecbe6b8e/official_isc2_cissp_study_guide_8th_edition.pdf
  • https://uploads.strikinglycdn.com/files/ec369a4e-d948-4802-ac17-42312493b35a/2011_dodge_avenger_alternator_removal.pdf
  • https://d89a15f7-21b5-45f0-b9b4-bc5b7be68842.filesusr.com/ugd/18e821_7fe6bdd4f35b4a10b2e6f3ed301275b4.pdf?index=true
  • https://uploads.strikinglycdn.com/files/a2e91f82-d726-469a-94e2-6e2bb1b849c0/lagewegaxi.pdf
  • https://uploads.strikinglycdn.com/files/da6e0b24-5fe3-4189-9b02-c81438071a78/how_to_make_fire_alarm_stop_beeping_low_battery.pdf
  • https://2c549fd3-bbcc-4e43-aea5-84609313cfd4.filesusr.com/ugd/c162b3_3118a4868c72470cb85fcf4e174f7238.pdf?index=true
  • https://s3.amazonaws.com/rezugekolaba/sizijogagevadudolifas.pdf
  • https://s3.amazonaws.com/feborobegibew/21603358255.pdf
  • https://uploads.strikinglycdn.com/files/0ad3395b-4334-44c1-b3df-62f1ef9b32e8/52358795813.pdf
  • https://a0f88182-e1f9-4a9c-ba22-d5ce004c6985.filesusr.com/ugd/2f3216_5262c515916641feadcac31fb844acc7.pdf?index=true
  • https://9b321a86-0615-40a7-b684-6dced782f4cc.filesusr.com/ugd/e3cae3_83a674f26b314abb86fdd4d0cee25f4f.pdf?index=true
  • https://s3.amazonaws.com/juzowilipi/juwomibe.pdf
  • https://uploads.strikinglycdn.com/files/11350c08-9bad-4f65-ae59-5904be35476b/when_i_play_this_record_lyrics.pdf
  • https://uploads.strikinglycdn.com/files/ce05c758-3d7b-4b06-8064-2cacf64858f7/mf_135_tractor_serial_numbers.pdf
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.