Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://lozipotod.ru/wix?keyword=trigonometric+functions+of+angles+worksheet

  • https://zitolibozix.weebly.com/uploads/1/3/4/0/134040523/c599281a82d3.pdf
  • https://fakedowekiz.weebly.com/uploads/1/3/5/3/135314463/wozilugud_tusagevisede_wowoti.pdf
  • https://gupexududoteg.weebly.com/uploads/1/3/5/3/135302954/2242705.pdf
  • https://polatubogo.weebly.com/uploads/1/3/4/5/134598163/f61cd8b93b3c8.pdf
  • https://zanirifut.weebly.com/uploads/1/3/1/4/131407922/koped.pdf
  • http://kegeminu.iblogger.org/wepezurutimapim.pdf
  • https://sivisobimiji.weebly.com/uploads/1/3/4/7/134754783/f52012f0f8e.pdf
  • http://vutanari.22web.org/kenikusigujuvodotusu.pdf
  • https://wefikugozakilo.weebly.com/uploads/1/3/1/0/131069992/3773239.pdf
  • http://fontawesome.iohttp://fontawesome.io/license/
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • http://xivubijorudi.epizy.com/what_is_history_of_c.pdf
  • http://sawujasasit.epizy.com/kawedorob.pdf
  • https://e0ff2378-281a-4ea3-95ae-419c526fdc99.filesusr.com/ugd/0baf77_2c3b208858304748b6eec23882a72aeb.pdf?index=true
  • http://kekogixo.epizy.com/88219808799.pdf
  • http://kunibenurupamiv.rf.gd/how_to_program_comcast_digital_adapter_remote.pdf
  • http://judegedemo.rf.gd/faringoamigdalitis_aguda_bacteriana.pdf
  • https://070488ba-e3d9-4c74-834b-445551f5513c.filesusr.com/ugd/fb83f1_566c25a916a74baf8c3aaaec00cfc868.pdf?index=true
  • https://7f1d4f38-7308-4051-b389-b8ed31312188.filesusr.com/ugd/e948c1_bb2fc98deca74c2aa72423f02a0ddd1e.pdf?index=true
  • https://b5c4f4dd-ae1f-4f6a-908c-f463551224e4.filesusr.com/ugd/dafd60_c4265315c4ca472c9cf285f3f5b944ed.pdf?index=true
  • http://jegezutixaxovu.epizy.com/libros_de_coaching_ontologico.pdf
  • http://jibogifimot.epizy.com/bozibaminedov.pdf
  • http://zumukitukojus.epizy.com/57249171919.pdf
  • http://mujofekiroteped.epizy.com/rudujorixare.pdf
  • https://35479656-6a94-44d6-ac55-da507c14a2ae.filesusr.com/ugd/d68318_f0fb2ec072b44bbb9c6a890d962a3595.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • https://savannah.gnu.org/projects/freefont/
  • http://www.gnu.org/licenses/
  • http://www.gnu.org/copyleft/gpl.html
  • http://scripts.sil.org/OFL
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License

Open this report in the interactive analyzer, or submit your own file for analysis.