Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://druttle.ru/wix?keyword=romeo+and+juliet+timeline+activity

  • http://vadinesejel.22web.org/microsoft_project_standard_2016_free_trial_download.pdf
  • http://drnextact.xyz/didexodofxke4x.pdf
  • http://wazasutosas.iblogger.org/core_maths_questions_and_answers.pdf
  • http://saxoxiwu.iblogger.org/58019652478.pdf
  • http://insuranceautousa.com/sadness_and_sorrow_piano_midic5mj2.pdf
  • http://tixshopclub.fun/types_of_organisms_found_in_an_ecosystempaa59.pdf
  • http://agent-spv.space/flowers_in_the_attic_book_review_common_sense_mediamxadi.pdf
  • http://siankaanmexico.com/rogers_cup_draw_sheetu6141.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/ee0a788d-b186-4123-8535-c4aa0df5e7ca/6219208085.pdf
  • http://bagabosafeko.epizy.com/contemporary_issues_in_financial_reporting.pdf
  • https://uploads.strikinglycdn.com/files/81ecd2f0-53d9-4ecd-86eb-f448272a4213/34783010058.pdf
  • https://s3.amazonaws.com/sirilagewuga/79253201594.pdf
  • https://s3.amazonaws.com/tuzakifezara/nexa_extra_bold_italic_font_free.pdf
  • https://s3.amazonaws.com/datarofapakil/tizaponaxuwerevovovik.pdf
  • https://uploads.strikinglycdn.com/files/f113a555-c917-40e4-9fcc-31f3e11877d9/kiwid.pdf
  • https://uploads.strikinglycdn.com/files/095ad87e-88bd-487b-9ff6-00148f271dbb/how_to_vent_a_portable_air_conditioner_with_crank_out_windows.pdf
  • http://luvugotanufulav.epizy.com/64193402552.pdf
  • https://7c9e9c40-2b96-4f88-8065-b5ff5e495659.filesusr.com/ugd/3bfcae_95d662197fa24384b00084bf316e70d8.pdf?index=true
  • https://s3.amazonaws.com/zolerazowubow/car_sticker_design_software_free.pdf
  • https://f8b57e9d-e272-4783-b6f5-6420e6b93425.filesusr.com/ugd/886b73_46d9925eff1643d18808781ca36a327b.pdf?index=true
  • https://s3.amazonaws.com/vikukinumet/62323379922.pdf
  • https://uploads.strikinglycdn.com/files/dd708209-e2eb-4162-9c0e-18d21eca34a2/meguxoxa.pdf
  • https://8eccd3b7-fb20-4588-a5b5-4d8c58591879.filesusr.com/ugd/0e6328_35cd5cce9c9f49d188b6046263dbec72.pdf?index=true
  • https://uploads.strikinglycdn.com/files/a640ecf7-3496-4e5f-a010-2822ff03080d/walmart_hours_of_operation_christmas_eve_2020.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.