Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://bologen.ru/wix?keyword=rising+action+of+the+lottery+ticket

  • https://cdn.sqhk.co/lasanamemego/iigifih/topazuladuf.pdf
  • https://cdn.sqhk.co/xuvisisitinu/i4hePL6/cold_weather_driveway_patch.pdf
  • https://cdn.sqhk.co/saxamabewido/jeYvzo0/80994364384.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://457cefd1-268f-49c0-9ca4-ced5ac281e6b.filesusr.com/ugd/983758_53c254e6821643829b4b82949d86384f.pdf?index=true
  • https://uploads.strikinglycdn.com/files/0c09171e-649e-458d-927c-738699dbdfc7/zinili.pdf
  • https://uploads.strikinglycdn.com/files/c15f872b-f217-42c1-ac0d-5842c69f67c4/ford_f-350_parts_list.pdf
  • https://d0bf7e8b-5449-41c0-93e9-161603c0719f.filesusr.com/ugd/197ed4_32a25d27ac33440ca36359013e1fea69.pdf?index=true
  • https://uploads.strikinglycdn.com/files/3b308534-e662-420b-861e-cd33669c7afd/which_jack_reacher_movie_is_first.pdf
  • https://f2d828cf-06d9-46ea-85af-d88b0bc20d44.filesusr.com/ugd/501a20_e42b0c328a844f80953ea39e2cd5f7c9.pdf?index=true
  • https://7e6b698e-d56f-4a21-8c48-787e2f6d39f4.filesusr.com/ugd/7836c9_07af229d4a2749c7b192c2beb5d4fbd5.pdf?index=true
  • https://uploads.strikinglycdn.com/files/2fca5954-d77d-441d-8109-43232f48a4a5/nail_places_that_are_open_now_near_me.pdf
  • https://uploads.strikinglycdn.com/files/ff660234-58d6-4b23-89f4-72aa41cbdfbf/85368571282.pdf
  • https://uploads.strikinglycdn.com/files/9b312bc2-006f-4ee9-99d2-428841dfad92/how_to_test_ge_oven_temperature_sensor.pdf
  • https://uploads.strikinglycdn.com/files/60c9fd77-a8d5-4036-97fe-92f96e652f19/27013355267.pdf
  • https://d0a6b1b1-1773-4622-8b5e-0ab5990a7ed3.filesusr.com/ugd/b90ba1_0ad574d2e73b4c869fce2af36a1983b5.pdf?index=true
  • http://mofetase.rf.gd/mekanisme_kerja_obat_atropin_sulfat.pdf
  • https://cbf60184-924b-4e65-abc2-244eb733ec12.filesusr.com/ugd/9a25f9_e60b5fde66ec41f98cec3dbb3bb90a07.pdf?index=true
  • https://43fe4710-460a-4ad3-90dc-2dd795c51528.filesusr.com/ugd/a32c20_8aa892b2ad6b4a57b7b1d7561c7dfc46.pdf?index=true
  • http://bumilofu.rf.gd/troy_bilt_pony_carburetor_adjustment.pdf
  • https://4541bc1c-e35c-4de3-bb44-1f53c3e1a56d.filesusr.com/ugd/68f66e_3e644f8d10c44920afc0a42456034de8.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.