Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://xezojetit.ru/wix?keyword=cheat+codes+for+pixel+survival+2

  • http://puzigodemabotod.iblogger.org/vekovil.pdf
  • https://lusixepapage.weebly.com/uploads/1/3/4/6/134605241/gebixizi_faletobo_lapisetew.pdf
  • https://nunipotewisi.weebly.com/uploads/1/3/4/8/134892443/1717540.pdf
  • http://nefufovej.22web.org/14270654872.pdf
  • https://tugigoboz.weebly.com/uploads/1/3/4/4/134499705/6507133.pdf
  • http://noverst.xyz/un_ejemplo_de_comunicacin_masivaa42h8.pdf
  • http://winewelimefavo.iblogger.org/artificer_guide_5e_2019.pdf
  • http://blog-millionaire.buzz/82892081711g14n9.pdf
  • https://bujipivew.weebly.com/uploads/1/3/4/1/134131373/terutufi.pdf
  • https://xidoxuzi.weebly.com/uploads/1/3/4/7/134707988/5742222.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://bf68d742-fb98-404a-ab47-1dcf24f7df52.filesusr.com/ugd/83e7fd_822cd9767cce4cd690785445c7b6bdaa.pdf?index=true
  • https://7d6e376e-1ee3-4df5-88c1-8d1511d419f8.filesusr.com/ugd/7dd30d_b924662de0a444b08fce664395c0e0e6.pdf?index=true
  • https://uploads.strikinglycdn.com/files/25dfda3e-290e-4812-bc40-f61c096f4146/gopro_hero_4_black_time_lapse_battery_life.pdf
  • https://uploads.strikinglycdn.com/files/f16129a7-43a3-4270-b820-034be9392ba7/what_does_the_word_ordinary_mean.pdf
  • https://uploads.strikinglycdn.com/files/4b25ab40-d2ac-4993-9546-80d78a503be0/how_to_reuse_3m_command_strips.pdf
  • https://uploads.strikinglycdn.com/files/fcd9a0c9-c3ff-4b80-a946-6bc35e6d8ec9/vaxinurob.pdf
  • https://69868269-04aa-4a0d-8379-1371762fd556.filesusr.com/ugd/d8beff_5aee3f8b4aef4a6fa8eadd47786f263d.pdf?index=true
  • https://uploads.strikinglycdn.com/files/d60b3e94-83e0-4339-82b5-4d73c006d62b/how_do_you_use_the_mercedes_rear_entertainment_system.pdf
  • http://perinuve.epizy.com/craftsman_2-cycle_mini-tiller__cultivator.pdf
  • https://uploads.strikinglycdn.com/files/c7c7ea47-7506-4af0-a6d5-5ac1f4b72af4/54094227968.pdf
  • https://uploads.strikinglycdn.com/files/25b885b6-094a-43ab-a2f1-04cfe263ea57/70778006066.pdf
  • https://uploads.strikinglycdn.com/files/70871d56-2325-4ec5-bf98-3fe5c099f705/el_arte_de_amarte_por_nappa.pdf
  • https://uploads.strikinglycdn.com/files/2188bd47-b287-4202-91dd-e3ba37ad7267/the_monk_who_sold_his_ferrari.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.