Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://vilenefex.ru/strik?utm_term=give+me+liberty+chapter+17+quiz

  • https://static.s123-cdn-static.com/uploads/4403421/normal_5fca33b71c16a.pdf
  • http://sutovuresas.mygamesonline.org/pefezew.pdf
  • https://static.s123-cdn-static.com/uploads/4381737/normal_5ff2cc141996a.pdf
  • http://vipadobotisituz.mygamesonline.org/meaning_of_social_development.pdf
  • https://cdn-cms.f-static.net/uploads/4376379/normal_60146777162d3.pdf
  • https://static.s123-cdn-static.com/uploads/4497395/normal_5fccf16683ae7.pdf
  • http://kutejovanog.getenjoyment.net/what_to_do_if_your_amazon_fire_stick_wont_turn_on.pdf
  • http://bekopomulasebi.getenjoyment.net/tibetan_book_of_the_dead_bardo_thodol.pdf
  • https://static.s123-cdn-static.com/uploads/4478683/normal_5fedf28ecd291.pdf
  • http://kusafomidufe.mywebcommunity.org/college_attendance_management_system.pdf
  • https://cdn-cms.f-static.net/uploads/4409239/normal_601f11933d6c1.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • https://d427386d-3434-45d9-8802-370857a594f4.filesusr.com/ugd/accd1f_d760a8a39d5449a68880c35557ce4c1c.pdf?index=true
  • https://s3.amazonaws.com/nasitevu/the_sandman_wrestler_now.pdf
  • https://e966359d-176b-477a-9ad9-c314bea94227.filesusr.com/ugd/fa6f14_6a05ddb0c38a4b63a6a11a1cb6f75363.pdf?index=true
  • https://s3.amazonaws.com/wizitifowubux/zepowivelavobapinami.pdf
  • https://s3.amazonaws.com/bulozor/commission_notice_guidelines_on_vertical_restraints.pdf
  • https://39472683-7d43-4bc3-882b-0947a83fd973.filesusr.com/ugd/544c7e_f33dd95654074abeac50d90c1fbc0d38.pdf?index=true
  • https://s3.amazonaws.com/mefonevimimix/naa_autograph_songs_teluguwap._net.pdf
  • https://s3.amazonaws.com/bevekizadoxuj/doggie_daycare_business_plan_template.pdf
  • https://b9eb3541-094c-4606-b101-17c2291fd6e1.filesusr.com/ugd/a18601_f05eedcb0efb4fd8a268c603db6a6db0.pdf?index=true
  • http://sanugifop.atwebpages.com/10451499690.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.