Malicious PDF — malware analysis report

Heuristics 6

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Fake CAPTCHA / human verification prompt high SE_FAKE_CAPTCHA
  Document displays a fake CAPTCHA or human-verification prompt — used to trick users into running commands or pressing keyboard shortcuts
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://kuzutuzo.ru/strik?utm_term=what+is+the+message+of+flowers+for+algernon

  • https://gewilowada.weebly.com/uploads/1/3/0/7/130776716/vurug_pomunamibaxujew.pdf
  • http://zutatowatipo.mywebcommunity.org/jadurilitevopivoka.pdf
  • http://jatamonip.iblogger.org/model_cerere_demisie_fara_preaviz.pdf
  • https://fusofopafufet.weebly.com/uploads/1/3/5/2/135294951/vijejezegegaduz-bixixetola-govawojewiv-vifazapemokemu.pdf
  • http://sosutisokalelul.iblogger.org/the_magic_of_belle_isle_plot_summary.pdf
  • https://static.s123-cdn-static.com/uploads/4401697/normal_5ff4eeb0b4afd.pdf
  • http://wemuwetafivaxe.sportsontheweb.net/what_is_meant_by_tropic_of_cancer_in_tamil.pdf
  • https://static.s123-cdn-static.com/uploads/4465142/normal_5febb47d548a4.pdf
  • https://zajuzuvo.weebly.com/uploads/1/3/4/4/134474050/tefobiwisajajaxelal.pdf
  • https://static.s123-cdn-static.com/uploads/4384650/normal_60010518b269d.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/6ae2971f-34d1-4967-9556-12fce21687fe/how_to_figure_out_net_cash_flow.pdf
  • https://uploads.strikinglycdn.com/files/17111776-ba5d-4544-8f21-3e7dbeb5efc4/how_to_reset_omron_blood_pressure_monitor_bp786.pdf
  • https://uploads.strikinglycdn.com/files/cbce6b54-7efb-45ac-a2a2-68654aa64ed8/samsung_rf268abrs_parts.pdf
  • https://77483064-5892-4b52-b419-66e751946b77.filesusr.com/ugd/ef7b09_c908f6647b4e42eb8041b5442cbb6be6.pdf?index=true
  • https://uploads.strikinglycdn.com/files/37faaf91-cf34-4d5f-b691-f8b32bccadac/12534720696.pdf
  • http://budivisatenebo.rf.gd/degakoxufefadebel.pdf
  • https://15319a82-8c66-4906-b3c2-464277991f2b.filesusr.com/ugd/070acf_b4dee8e89e684832b09679e698945215.pdf?index=true
  • https://uploads.strikinglycdn.com/files/4b000618-6602-4719-a3af-97fbf5501685/tom_sawyer_questions_and_answers.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.