Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://bologen.ru/strik?utm_term=what+yoga+poses+are+good+for+anxiety PDF link annotation

  • https://cdn-cms.f-static.net/uploads/4411916/normal_603f06a91293e.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4460247/normal_602ca19ddfa96.pdfIn PDF document text
  • https://cdn.sqhk.co/zajikeze/KijVifB/defender_marine_reviews.pdfIn PDF document text
  • https://cdn.sqhk.co/xovepejegosi/m0aSkgj/how_to_make_origami_birds_that_fly.pdfIn PDF document text
  • https://cdn.sqhk.co/zubejavaxuvu/hbLgchh/all_creatures_big_and_small_veterinary.pdfIn PDF document text
  • https://cdn.sqhk.co/ramawuvade/jRNicie/ramijosukejinuzedoro.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4478383/normal_60184c109ddf5.pdfIn PDF document text
  • https://cdn.sqhk.co/gaxomawelej/C2Nuajd/74845328326.pdfIn PDF document text
  • https://cdn.sqhk.co/wubunepan/jihc8ig/29323500754.pdfIn PDF document text
  • https://cdn.sqhk.co/gibebomesani/eqgeS7b/60276576891.pdfIn PDF document text
  • https://cdn.sqhk.co/pupevadojas/id9hjib/ice_cream_delivery_nyc.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4379982/normal_604bc8bdf2597.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://71f68c9c-1037-483c-a0ca-f268b7ddd3c8.filesusr.com/ugd/87fdc7_ef0b99ce5104434c8406ace78b8352cb.pdf?index=trueIn PDF document text
  • https://a529afa0-707c-494d-9cee-e9df2360aa12.filesusr.com/ugd/a6e48a_215edd0c546f473ba46433edf74eaa4c.pdf?index=trueIn PDF document text
  • https://ff19a39e-637c-4fc6-80cc-750024e8dd37.filesusr.com/ugd/d217e2_6a627a98106a449da0491e3f9d25e035.pdf?index=trueIn PDF document text
  • https://5fb42ee6-a9be-400a-98f2-f9d4b9f720c8.filesusr.com/ugd/1813b3_723a33b509254e95adfc6ebff069bf3d.pdf?index=trueIn PDF document text
  • https://40e214c1-1950-44e8-a195-e2c6eeb23253.filesusr.com/ugd/a517f4_b57808a62c174ab6b7a60398dbb724a1.pdf?index=trueIn PDF document text
  • https://feedbc21-cb93-402c-9ae2-3476589645d2.filesusr.com/ugd/f3ecbe_2cb7fdc2725946a6b442283cfeee8e0e.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/b35f43cb-fd61-4660-a3bd-cf8684ab952d/factors_affecting_motivation_in_psychology.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/22847091-8dd7-46a3-9788-b192610073cc/gibafama.pdfIn PDF document text
  • https://40785fcd-1e5e-4316-9306-5db1d5795eae.filesusr.com/ugd/2f07a1_e40043903e654e62a1489eeaaaaea789.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/3a516ff9-fc59-488b-ac93-ff6b2d6cec03/67742897402.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b196c104-1c06-4abb-ba76-070ba11c05ef/black_magic_book_in_bengali_free_download.pdfIn PDF document text
  • https://893c8be9-d140-4a04-8a3e-66bd54b472cd.filesusr.com/ugd/efd7ea_ba4cbf3739c149c3a80b6d1aeffaf8c0.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/1f0c3ad5-7ddb-4a55-80c1-6aa157471904/how_to_replace_lg_drain_hose.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.