Malicious PDF — malware analysis report

Static analysis result for SHA-256 e303f37c2529c6c8…

Verdict: MALICIOUS
File type: PDF
Size: 76.4 KB
Created: 2021-03-20 12:32:57 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: f0483285dfc64fbf75a17d3d8047e374
SHA-1: dd45689f2b07203e336fbd68dce4d3bca47b7097
SHA-256: e303f37c2529c6c868755a9555026d2b60913973478be08a57bc88c9772a3722
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains a large number of external links, including one to 'nipisod.ru', which is flagged as an external URI. ClamAV and an ML classifier also identified this PDF as malicious, specifically a phishing trojan. The presence of numerous links suggests a link farm or phishing attempt to direct users to malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (5)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://nipisod.ru/123?utm_term=android+support+library+tutorial
    • https://cdn.sqhk.co/bobavijiwoba/kG2Vnjf/emoney_customer_service_email_templates.pdf
    • https://cdn.sqhk.co/kuwusemob/Cnjdbf2/international_marketing_notes.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://s3.amazonaws.com/gatazeromij/50465606542.pdf
    • https://uploads.strikinglycdn.com/files/96d33e62-85d6-4574-8fb8-202b97ed9ea1/padi_open_water_exam_answers.pdf
    • https://uploads.strikinglycdn.com/files/f8409f72-07fa-44b5-8c97-1c897f931e69/how_do_i_set_up_caller_id_on_my_att_phone.pdf
    • https://uploads.strikinglycdn.com/files/336f6bf8-3843-41cc-aac4-3b5448ae75b2/25215252120.pdf
    • https://uploads.strikinglycdn.com/files/b5b99575-981b-43ce-86c2-fa8679eca7a4/john_deere_lawn_tractor_l100_parts.pdf
    • https://3e3188f7-d9e9-48da-9af6-4e6760718ee0.filesusr.com/ugd/4f7562_0ecebd55ce08402e91b232152ae647a2.pdf?index=true
    • https://s3.amazonaws.com/ganubifirigevi/effective_writing_a_handbook_for_accountants_10th_edition_free.pdf
    • https://s3.amazonaws.com/fadadedezeker/android_sdk_root_tool.pdf
    • https://uploads.strikinglycdn.com/files/013787fd-6d87-4164-a2fa-3508f627b437/why_wont_my_verizon_remote_pair_with_my_tv.pdf
    • https://uploads.strikinglycdn.com/files/47235f25-0b08-4ca8-b81c-d8372ec586e6/mathematical_group_theory_definition.pdf
    • https://uploads.strikinglycdn.com/files/70d726c8-0260-4b70-9318-423df096ba82/finding_perimeter_of_composite_shapes_worksheets.pdf
    • https://82656f1f-dd0f-4426-89ca-c5688288f975.filesusr.com/ugd/56de54_7b735275091740fb832a7723b00674c3.pdf?index=true
    • https://uploads.strikinglycdn.com/files/e5aacf1c-449d-405a-a0a3-dfdb63eb8d65/binedovadan.pdf
    • https://a72a44ae-2aae-4d6a-a6c4-235301d0a62e.filesusr.com/ugd/57436b_85b7011c884e4e2ba4ae8e4e5437192a.pdf?index=true
    • https://uploads.strikinglycdn.com/files/7b6f4ed8-00dc-4c17-9d5a-877b2c2aa92b/jifibejibovevixufoza.pdf
    • https://s3.amazonaws.com/paxivogedewilu/soluroserexan.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000edfd.bin
    SHA-256: 47c7e54371f0807ce066318c8f83daf2d38d10c939a51630523a04e7fc716941
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xEDFD
    Size: 5184 bytes
  • Filename: font_01_sfnt_off0000ffb1.bin
    SHA-256: ab489dd3ae5709ab36ed55ac47fd1323c92400389eb0125b5a6efd9523fd4f1f
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xFFB1
    Size: 10720 bytes