Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jumiwimov.ru/wix?keyword=car+eats+car+2+hacked+unblocked

  • http://suporefebakibur.mygamesonline.org/abzurdah_descargar.pdf
  • http://tapozifokun.mywebcommunity.org/40754254113.pdf
  • http://gagivukamuw.getenjoyment.net/luwekalogemop.pdf
  • https://cdn.sqhk.co/zizenozi/cO4iggh/best_music_player_for_windows_10_paid.pdf
  • http://wemuwetafivaxe.sportsontheweb.net/rafadozekijegipur.pdf
  • http://fosipuzo.mypressonline.com/56642637874.pdf
  • http://bemelegevew.22web.org/11570008515.pdf
  • http://mutetufowikujib.22web.org/cen_tech_portable_power_pack_how_to_charge.pdf
  • https://cdn.sqhk.co/ponesigis/Uxhc6ia/free_live_tv_apps_uk.pdf
  • http://kixurox.getenjoyment.net/62041814316.pdf
  • http://xojitufos.66ghz.com/nta_answer_key_2019_neet_odisha.pdf
  • https://cdn.sqhk.co/vowogada/idjaNwW/tigo_py_roaming_internacional.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://e9abb47e-19e5-4ec2-9f3c-2aa4e6f2bf0a.filesusr.com/ugd/92be99_c85110f726424ccfb73e6158cd1dc68f.pdf?index=true
  • https://cf176ec6-4820-456b-adf9-61e5f06c968f.filesusr.com/ugd/43d598_6d73bd2f9c284e659152ee72bd228ba1.pdf?index=true
  • http://wutesejib.onlinewebshop.net/15351785034.pdf
  • http://panulanupujudun.epizy.com/verithanam_video_song_lyrics.pdf
  • https://36d3fe4d-ce77-4ecd-ae21-04b42370c250.filesusr.com/ugd/871c54_dc82ec5ec3b74a7e8f0093d4b63a1a56.pdf?index=true
  • http://pobiludorigogok.epizy.com/49515046852.pdf
  • http://ramedilasu.rf.gd/como_hacer_una_propuesta_tecnica_de_un_proyecto.pdf
  • https://5bf49506-6ef1-42f8-8f90-7e3689255fd3.filesusr.com/ugd/8fe1bf_4cc976127bef436bb5eece0bbfcebcf5.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.