Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://drafthe.ru/pbw?utm_term=john+wick+3+full+movie+streaming

  • https://mipigonegomef.weebly.com/uploads/1/3/0/8/130813466/xonutanenafataso.pdf
  • https://cdn-cms.f-static.net/uploads/4484631/normal_5fe79bb233136.pdf
  • https://lekumoga.weebly.com/uploads/1/3/2/6/132683130/bujixazanikof.pdf
  • https://cdn-cms.f-static.net/uploads/4427514/normal_600f0c9ff3997.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://xexufokug.pbworks.com/w/file/fetch/144770721/23130981268.pdf
  • https://uploads.strikinglycdn.com/files/09f72ae0-e1e1-4a03-976e-4d5181c78246/48295819116.pdf
  • https://uploads.strikinglycdn.com/files/e7cc3bb1-a0a4-4d25-8f3a-d9efc066adca/adobe_photoshop_cs3_video_tutorials_for_beginners.pdf
  • http://mapaduzipi.pbworks.com/w/file/fetch/144816654/kevin_basconi_books.pdf
  • https://uploads.strikinglycdn.com/files/96b5eb0a-7ab5-4f88-9db5-0411513ec17c/how_do_i_download_microsoft_office_2010_and_install_windows_10.pdf
  • https://uploads.strikinglycdn.com/files/329dbc02-4677-41e2-8f82-d17b951a3a85/que_nos_ensea_el_camino_de_emaus.pdf
  • https://uploads.strikinglycdn.com/files/483d4ae4-62db-45e0-aa45-dd6321a7a344/93427586391.pdf
  • https://uploads.strikinglycdn.com/files/8a548ef1-b000-449b-8238-cddb297ec3af/21877817344.pdf
  • https://uploads.strikinglycdn.com/files/9ff4d474-1a37-49cf-9e35-e1f4b11a7ca5/dasekirotividaregeruziguf.pdf
  • https://uploads.strikinglycdn.com/files/38fa1919-e71b-4a3f-86a7-37288208cd8c/impossible_quiz_2_unblocked_66_ez.pdf
  • https://uploads.strikinglycdn.com/files/e2d25f6b-9d53-4611-b8d4-d8bc97f84596/rapawupobiso.pdf
  • https://uploads.strikinglycdn.com/files/0786b461-fa06-4a6c-a268-6169e5b20722/d-link_dir-615_default_wireless_password.pdf
  • http://zekodunu.pbworks.com/f/manuale_xiaomi_m365_pro_2.pdf
  • https://uploads.strikinglycdn.com/files/0a9f8fd6-8375-4298-ac49-fd51c67b1ffb/mercury_25_hp_2_stroke_carburetor.pdf
  • https://uploads.strikinglycdn.com/files/2e3cb86a-dd9a-45ec-a3d8-8d930f3a7dd3/1ml_cuantos_gr_son.pdf
  • https://uploads.strikinglycdn.com/files/3ca50dd0-c734-40c8-8dc0-8cd511f12eb3/19928604917.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.