Malicious PDF — malware analysis report

Static analysis result for SHA-256 eb2de721991963b9…

Verdict: MALICIOUS
File type: PDF
Size: 87.9 KB    Created: 2021-03-15 22:37:34 +02:00    Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 5657611fc23e8c5afab5dafeab432d24
SHA-1: bfa4b56ce00f4bc89826a7977a678e0c8713628c
SHA-256: eb2de721991963b9dce107a811fa25c5d1dfb21da83e7de307a1a39c4ef1aebe
Risk score: 156

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.007 JavaScript

Two independent detections flag this file: ClamAV (Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0) and the Nyx PDF classifier (malicious score 0.9997). The document carries a large number of clickable external links to further PDFs, most of them on free-hosting or throwaway domains (weebly.com, filesusr.com, cdn.sqhk.co, rf.gd, epizy.com, iblogger.org) with random-looking hostnames and paths; this is the generated SEO/link-farm pattern, not a normal citation pattern. The body appears to be a lure built around a common household problem (the primary URL's utm_term decodes to "what to do if washing machine door won't open"), designed to draw clicks on the embedded URLs. Note that no JavaScript or OpenAction heuristic fired and the only active content observed is URI link actions, so the T1059.007 mapping should be read as a category tag rather than as evidence of script execution in this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics 5

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (object number and generation, "N G obj") is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates (the file has been saved more than once), so severity is raised only when the duplicate carries active content such as an action dictionary or JavaScript.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels (not reproduced here) indicate which channel (macro, JS, link annotation, document body, ...) reached each URL. The first entry is the primary lure URL; the weebly.com, filesusr.com, cdn.sqhk.co, rf.gd, epizy.com and iblogger.org entries are the link-farm targets. The last nine entries (w3.org, purl.org, ns.adobe.com, scripts.sil.org, dejavu.sourceforge.net) are XMP namespace and font-licence URIs from document and font metadata, not clickable links, and the ascendercorp.com entries point at a font vendor and most likely also come from embedded font metadata.
    • https://ponafet.ru/strik?utm_term=what+to+do+if+washing+machine+door+won%2527t+open
    • https://cdn.sqhk.co/jigugabopu/wieghL7/basuvukitudaruxufupige.pdf
    • https://cdn.sqhk.co/jimumakevaji/d8hdHji/39431993664.pdf
    • https://gobadinemi.weebly.com/uploads/1/3/5/2/135299992/jewus.pdf
    • https://zatiwakap.weebly.com/uploads/1/3/1/8/131871625/mumavobijifapaw-rifujonewalera-nifafuwojajo.pdf
    • https://cdn.sqhk.co/feneradebeza/hcPPmzT/what_does_contemplate_mean_in_literature.pdf
    • https://nifirasevaxo.weebly.com/uploads/1/3/4/7/134756957/8824852.pdf
    • https://dowamodugepaxa.weebly.com/uploads/1/3/0/7/130739159/2215323.pdf
    • https://zulunapakaf.weebly.com/uploads/1/3/1/0/131070820/jagedugaladi.pdf
    • https://cdn.sqhk.co/jotapepikota/RxseijU/96243599175.pdf
    • http://balonedud.iblogger.org/sitodu.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://0fc0baf9-b884-4fcd-968e-f93c0f938930.filesusr.com/ugd/68ec51_cccbc7ae56f54446998c0219e467014a.pdf?index=true
    • https://4cd5a77a-be8d-44ba-8952-4177873115c4.filesusr.com/ugd/930050_e62635a46fc64e3d91e67eb86aeea2d5.pdf?index=true
    • http://peburameg.epizy.com/free_indesign_architecture_portfolio_layout_templates.pdf
    • https://64b67c6e-fbbd-4787-add8-9ed3e274c95c.filesusr.com/ugd/eb6612_2d0bc3172ab84f3bb9d654cb4ac66492.pdf?index=true
    • https://45f61934-b4a1-4335-a9e3-e142d9465b5b.filesusr.com/ugd/0dd040_c664791cc997472ab97169464ce02115.pdf?index=true
    • http://naxelekifomo.rf.gd/fazavanawex.pdf
    • https://80172413-d145-4b71-b7cf-4a007d76ad29.filesusr.com/ugd/cacfd7_241a3d2a75a24f46a25d40d139fef89b.pdf?index=true
    • https://8fc1c2d6-49ba-4d63-8b95-0327ef2b1627.filesusr.com/ugd/1849a1_5c20557401564b1cb6ddd74ffe9c6079.pdf?index=true
    • https://ff87c8b5-ca28-4ac0-94ba-218234037d87.filesusr.com/ugd/1d4e4f_bb7f46e674c84f37a03eaaf1ac0d5548.pdf?index=true
    • http://zosatomoviwom.rf.gd/asus_p8z77-v_le_plus_cpu_support.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    • http://dejavu.sourceforge.net
    • http://dejavu.sourceforge.net/wiki/index.php/License
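The two heuristics that matter most in this report, PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, are simple enough to reproduce. The following is an added example written for this page, not the scanner's own code and not derived from the analysed sample: it walks the `N G obj ... endobj` objects of a constructed toy PDF, resolves each object id under a first-wins or last-wins policy, collects `/URI` targets from link annotations, clusters the `.pdf` targets by host, and reports duplicate object definitions whose conflicting bodies carry an action. The hostnames (`cdn.farm.test`, `redirect.farm.test`, `other.test`), the thresholds and the function names are assumptions chosen for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed toy PDF (not the analysed sample): one page whose link annotations
# point six .pdf links at one host, plus an incremental update that redefines
# object "4 0" with a different /URI body. Assumed hostnames, not real sites.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R 7 0 R 8 0 R 9 0 R 10 0 R 11 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.farm.test/a/1.pdf) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.farm.test/b/2.pdf) >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.farm.test/c/3.pdf) >> >> endobj
7 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.farm.test/d/4.pdf) >> >> endobj
8 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.farm.test/e/5.pdf) >> >> endobj
9 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.farm.test/f/6.pdf) >> >> endobj
10 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://other.test/x.pdf) >> >> endobj
11 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://www.w3.org/1999/02/22-rdf-syntax-ns#) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://redirect.farm.test/strik?utm_term=lure) >> >> endobj
trailer << /Root 1 0 R /Prev 0 >>
%%EOF
"""

OBJ_RE = re.compile(rb"(?<!\d)(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
LINK_RE = re.compile(rb"/Subtype\s*/Link\b")
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")  # toy: no escaped ')' handling
ACTIVE_RE = re.compile(rb"/(?:S\s*/(?:URI|JavaScript|Launch|SubmitForm|GoToR)|JS|AA|OpenAction)\b")


def iter_objects(data):
    """Yield (num, gen, body) for every 'N G obj ... endobj', in file order,
    including redefinitions appended by incremental updates."""
    for m in OBJ_RE.finditer(data):
        yield int(m.group(1)), int(m.group(2)), m.group(3).strip()


def object_table(data):
    """Map (num, gen) -> list of every body seen for that id, in file order."""
    table = {}
    for n, g, b in iter_objects(data):
        table.setdefault((n, g), []).append(b)
    return table


def resolve(table, key, policy="last"):
    """Resolve an object id the way a first-wins or a last-wins reader would."""
    bodies = table.get(key)
    if not bodies:
        return None
    return bodies[0] if policy == "first" else bodies[-1]


def duplicate_objects(data):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL shape: ids defined more than once
    with byte-different bodies. Returns {id: [distinct bodies in order]}."""
    dups = {}
    for key, bodies in object_table(data).items():
        distinct = []
        for b in bodies:
            if b not in distinct:
                distinct.append(b)
        if len(distinct) > 1:
            dups[key] = distinct
    return dups


def duplicate_severity(bodies):
    """Raise to 'critical' only when a conflicting body carries active content."""
    return "critical" if any(ACTIVE_RE.search(b) for b in bodies) else "info"


def extract_link_uris(data, policy="last"):
    """Collect /URI targets from link annotations under the chosen duplicate
    policy, so the two reader behaviours can be compared side by side."""
    table = object_table(data)
    uris = []
    for key in table:
        body = resolve(table, key, policy)
        if not LINK_RE.search(body):
            continue
        uris.extend(m.group(1).decode("latin-1") for m in URI_RE.finditer(body))
    return uris


def link_farm_verdict(uris, min_pdf_links=5, min_share=0.6):
    """PDF_SEO_LINK_FARM-style check: many clickable external .pdf links,
    mostly clustered on one host. Thresholds are assumptions for this example."""
    pdf_links = [u for u in uris if urlsplit(u).path.lower().endswith(".pdf")]
    if not pdf_links:
        return {"flagged": False, "pdf_links": 0, "top_host": None, "share": 0.0}
    hosts = Counter(urlsplit(u).hostname or "" for u in pdf_links)
    top_host, top_n = hosts.most_common(1)[0]
    share = top_n / len(pdf_links)
    return {"flagged": len(pdf_links) >= min_pdf_links and share >= min_share,
            "pdf_links": len(pdf_links), "top_host": top_host, "share": round(share, 2)}


if __name__ == "__main__":
    for policy in ("first", "last"):
        uris = extract_link_uris(SAMPLE_PDF, policy)
        print(policy, link_farm_verdict(uris), "first link ->", uris[0])
    for key, bodies in duplicate_objects(SAMPLE_PDF).items():
        print("duplicate", key, len(bodies), "bodies, severity", duplicate_severity(bodies))
```

Run as a script it prints the link-farm verdict under both policies and the one duplicated id. The point of keeping the policy explicit is that the first link annotation resolves to a `cdn.farm.test` PDF for a first-wins reader and to the `redirect.farm.test` lure for a last-wins reader, which is exactly the divergence the duplicate-object heuristic warns about; on a real file, replace the regex object walk with a proper PDF parser (object streams and cross-reference streams are not handled here) before trusting the counts.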

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename                      Kind             Source                                      Size
font_00_sfnt_off0001046d.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x1046D   5676 bytes
    SHA-256: 9909bd8786e9dc73a991eb63eed9e8ae1b9cfec0a96fa1711a3f5ff8e53aa7f5
font_01_sfnt_off000117bb.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x117BB  10768 bytes
    SHA-256: cc48f6f64ddb55a077e403e128bc378c10c031eb7c4d5aa9cd394dcaf93ed88d
font_02_sfnt_off00013c7d.bin  pdf-font-stream  PDF embedded font (sfnt) at offset 0x13C7D  16148 bytes
    SHA-256: 64f21e55c2f29c6f605e8f9fd96e7f7b34f9b4a26fdc717ddead948457370e3b