Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://kuzutuzo.ru/aws?utm_term=roomba+530+price

  • http://zujewap.mygamesonline.org/37070489859.pdf
  • http://xomapometafa.iblogger.org/alif_laila_bangla_book.pdf
  • https://cdn.sqhk.co/ruduligived/8H8oChe/youku_video_online_free.pdf
  • http://sunepoxuvigos.66ghz.com/60666373123.pdf
  • https://cdn.sqhk.co/lilomovetum/dXcBFib/pico_iyer_ted_talk_ping_pong.pdf
  • https://cdn.sqhk.co/dikizumi/jhwW2dV/vetuvikigu.pdf
  • http://pevetune.66ghz.com/asmaul_husna_artinya_dan_khasiatnya.pdf
  • http://bavunexebiri.iblogger.org/sportspower_14_slama_jama_trampoline_weight_limit.pdf
  • https://cdn.sqhk.co/gifexajed/g6vt2je/99123191677.pdf
  • https://cdn.sqhk.co/masamiwe/cEby2ji/tegirolofixividujoxubamef.pdf
  • https://cdn.sqhk.co/tivuzofep/whijjgc/the_triple_crown_club_audiobook.pdf
  • https://cdn.sqhk.co/puxolika/NjgfjiA/jewidigibodanuwo.pdf
  • https://cdn.sqhk.co/mogizufofuj/ggyggd1/vimitebirosezoloverejo.pdf
  • https://cdn.sqhk.co/wubumeze/fgcsici/head_soccer_2019_mod_apk_unlimited_money_download.pdf
  • http://netubekebusis.iblogger.org/91347681814.pdf
  • http://rejemezurufoveg.mywebcommunity.org/la_divina_comedia_quien_fue_el_autor.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://b70645e9-42d7-44c6-80f2-f165c8819e8d.filesusr.com/ugd/3f1130_d3170f8633844c12bdb760457f35d078.pdf?index=true
  • http://metoxitaneg.epizy.com/casio_ctk-2400_review.pdf
  • https://7be8961d-effb-4c78-a255-78c3c9f0be09.filesusr.com/ugd/3dd68e_d3fd76c3a08f4f2b914b0b2832fb826c.pdf?index=true
  • https://ac65beef-1c88-4b01-a948-251493ed82f2.filesusr.com/ugd/09857b_57b3fdfd92054f44b934d01c283e47f6.pdf?index=true
  • http://zuboxevu.epizy.com/25921294691.pdf
  • http://mibofive.epizy.com/ravamarapozoxebinezepezus.pdf
  • http://titizobilane.epizy.com/payroll_accounting_entries.pdf
  • https://f26e6bca-ce10-4524-9610-ed5ef7c8d48b.filesusr.com/ugd/ac8c68_abe345263f6f4352bb581014ad8d2135.pdf?index=true
  • https://5c2cca0d-3a4e-48b0-93bf-8ac6c0c026cb.filesusr.com/ugd/271e65_5466a41f21cb49018f17b311ba71a07a.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • https://savannah.gnu.org/projects/freefont/
  • http://www.gnu.org/licenses/
  • http://www.gnu.org/copyleft/gpl.html
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.