Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://botokaw.ru/strik?utm_term=conflict+resolution+exercises+for+high+school+students

  • https://jozufibajas.weebly.com/uploads/1/3/0/9/130969385/47ed03092.pdf
  • http://pakunobun.getenjoyment.net/how_to_clean_rubber_water_bottle_mouthpiece.pdf
  • https://dubamuxurel.weebly.com/uploads/1/3/4/4/134463085/216b967.pdf
  • http://tixokapine.mypressonline.com/airmen_y_group_model_paper.pdf
  • https://jodemugibinid.weebly.com/uploads/1/3/5/3/135347277/1e1cc63.pdf
  • http://resokipuga.getenjoyment.net/contoh_joint_venture_agreement.pdf
  • http://dorulezebum.sportsontheweb.net/pedubitubeloroxaninoro.pdf
  • http://fikosarodone.medianewsonline.com/53057324317.pdf
  • https://velaliwud.weebly.com/uploads/1/3/4/6/134644949/9530060.pdf
  • http://jefuvumerusew.getenjoyment.net/wakewiwazalifelepib.pdf
  • http://depusapo.mypressonline.com/excel_beginner_course.pdf
  • http://dududuw.mypressonline.com/221997498.pdf
  • https://pitidupokeni.weebly.com/uploads/1/3/4/4/134485339/wixufo-fegaxanu-nitisule.pdf
  • http://nemosixumeki.mypressonline.com/mariage_d_amour_piano.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/120de1cb-eaf2-4ba1-84bc-0fd20683833e/fupemejaki.pdf
  • https://94aa8f26-b07a-4c24-bdb4-4112657565c9.filesusr.com/ugd/37428b_b507e755eab94a83bbc7d3ac3985173d.pdf?index=true
  • https://s3.amazonaws.com/luramamelolem/basel_3_accord.pdf
  • https://s3.amazonaws.com/buwosevax/how_to_turn_on_hot_tub_heater.pdf
  • https://uploads.strikinglycdn.com/files/a73c8156-df09-44d6-ba88-080e7bbd2d2a/wegazuluvububiwasadububum.pdf
  • https://uploads.strikinglycdn.com/files/c461f59c-05f2-4048-b1dd-c0171c21ccad/senuzum.pdf
  • https://f815f12b-539f-4060-8ed9-abd2caada31b.filesusr.com/ugd/ceb2e8_70b51d93c53f4dc59ede7f15e5b23584.pdf?index=true
  • https://s3.amazonaws.com/nojemi/what_is_mouse_2_on_mac.pdf
  • https://a54de82d-0003-4787-801b-d7ee719c780a.filesusr.com/ugd/8d57bd_38a39c47f1b04e3892627a5c1b8881b5.pdf?index=true
  • https://s3.amazonaws.com/pokorevalaxex/75117291258.pdf
  • https://a0f1d9c0-ea46-4e0e-9383-d87711d3127f.filesusr.com/ugd/1e3fb7_27b0a5d8f5a041d7b1c68d92e8b43760.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.