Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://leonvi.ru/wix?keyword=aicp+practice+exam

  • https://jagobedumaniso.weebly.com/uploads/1/3/0/8/130873939/1e6aa.pdf
  • https://jipowikufimur.weebly.com/uploads/1/3/5/3/135327107/189d0ac9bb5a.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://989244f3-426d-4557-b4f1-0018dac9047c.filesusr.com/ugd/57c819_781ae46fe4814b2084c845c89de5966b.pdf?index=true
  • https://571cbd0a-ba82-408d-be6d-2df53a8fcfe5.filesusr.com/ugd/02af14_eb515c3aace24eba8637f1555de5a569.pdf?index=true
  • https://s3.amazonaws.com/dogevazapiwediw/lalemo.pdf
  • https://s3.amazonaws.com/wizitifowubux/80338238585.pdf
  • https://b54663a3-ff9d-4122-b75c-69b71428c9b0.filesusr.com/ugd/cfa91a_753314ec89664f1c979d6c7406094ceb.pdf?index=true
  • https://b0cee159-9ce3-47d2-9452-de9e383f1b6b.filesusr.com/ugd/fac5c7_a4c2995568804e819f5757507d1ef89f.pdf?index=true
  • https://f6ea5e03-7e7c-4dce-82ee-fd5d223759ef.filesusr.com/ugd/d203ad_71a66879eabd4bd2b405c9556d3b3c75.pdf?index=true
  • https://7f1d4f38-7308-4051-b389-b8ed31312188.filesusr.com/ugd/e948c1_5f9f1b59592d4782880f75b5a8cf6ade.pdf?index=true
  • https://s3.amazonaws.com/pewebopufupe/zosamubomuvuze.pdf
  • https://s3.amazonaws.com/rejiner/suspected_elder_abuse_report_california.pdf
  • https://s3.amazonaws.com/nefomojuwet/bissell_vacuum_cleanview_ii.pdf
  • https://s3.amazonaws.com/lopadivupudexa/baaghi_1_full_movie_dvdwap.pdf
  • https://68fdcf0a-b1f0-4758-9edf-48d2be6d990b.filesusr.com/ugd/ac51ce_0c48854a502843a2ba494f1afd76d6e0.pdf?index=true
  • https://f05e0dbb-21cf-40ea-8b71-00b8d6f49a3b.filesusr.com/ugd/b09e1d_bb00a25a6b4642bbad05ca75e8d869ec.pdf?index=true
  • https://51f47fa2-20f7-4ec4-bb91-8ae4aee689b4.filesusr.com/ugd/917232_938fb2f26cad4a3c8a6253738ccd2046.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.