Malicious PDF — malware analysis report

Static analysis result for SHA-256 ec90c696f2c54e14…

Verdict: MALICIOUS
File type: PDF
Size: 83.2 KB
Created: 2021-04-09 20:59:54 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-11-21
MD5: e60ce88d22af0ad9c35847d200c0b813
SHA-1: ba55b21371e5c4866f229a0bf4003d2e282b705a
SHA-256: ec90c696f2c54e148e3a41b4d9b13f7dcbdb254dc76056d3d55006a509c12a4c
Risk Score: 186

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. It contains a link farm with numerous external URLs, including one that appears to be a phishing lure related to OSHA citations. The presence of a link farm on disposable hosting suggests an attempt to distribute malware or redirect users to malicious sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9983

Heuristics (6)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Small PDF is a non-clustered link farm on disposable hosting [medium] PDF_SEO_DISPOSABLE_LINK_FARM
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL (channel)
    • https://midufefew.ru/strik?utm_term=how+to+find+osha+citations (PDF link annotation)
    • https://cdn-cms.f-static.net/uploads/4412894/normal_604cec3f11d77.pdf (In PDF document text)
    • https://cdn-cms.f-static.net/uploads/4367940/normal_5fe92620c7019.pdf (In PDF document text)
    • http://tiluvopira.medianewsonline.com/adobe_scan_app_speichern.pdf (In PDF document text)
    • https://cdn-cms.f-static.net/uploads/4491153/normal_602b5fe687081.pdf (In PDF document text)
    • https://cdn-cms.f-static.net/uploads/4387056/normal_6058a33f90a80.pdf (In PDF document text)
    • https://cdn-cms.f-static.net/uploads/4407066/normal_60494d0921d59.pdf (In PDF document text)
    • http://nemagufi.mywebcommunity.org/butadiene_market.pdf (In PDF document text)
    • http://vexezujuzas.scienceontheweb.net/42796075788.pdf (In PDF document text)
    • https://cdn-cms.f-static.net/uploads/4369168/normal_5fd1f278d0a22.pdf (In PDF document text)
    • https://cdn-cms.f-static.net/uploads/4410006/normal_606a3f85e1c26.pdf (In PDF document text)
    • http://kijofizovurisos.medianewsonline.com/18850404937.pdf (In PDF document text)
    • https://cdn-cms.f-static.net/uploads/4450507/normal_60347120d36ed.pdf (In PDF document text)
    • http://dopogabijup.mywebcommunity.org/lanuviwiwobonabefifilo.pdf (In PDF document text)
    • http://www.ascendercorp.com/ (In PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (In PDF document text)
    • http://www.daltonmaag.com/ (In PDF document text)
    • https://d7301f0f-9730-4f6e-9d95-601e203cb770.filesusr.com/ugd/253413_2cb7dad968b34183af8dde08950564f4.pdf?index=true (In PDF document text)
    • http://meferujapepaz.epizy.com/catia_machining_tutorial.pdf (In PDF document text)
    • https://s3.amazonaws.com/wifiduxezo/48544692970.pdf (In PDF document text)
    • https://s3.amazonaws.com/jitimesolagun/three_phase_auto_transformer_diagram.pdf (In PDF document text)
    • http://welojorolepone.rf.gd/20758379778.pdf (In PDF document text)
    • https://466f9527-ada3-48b4-ac0c-4ba5546996ca.filesusr.com/ugd/a4b6b9_2bb66ed99b394372b07e51c90da3708d.pdf?index=true (In PDF document text)
    • http://xuvunemomot.epizy.com/emotional_intelligence_short_test.pdf (In PDF document text)
    • https://s3.amazonaws.com/dinilederu/date_sheet_aiou_b._com.pdf (In PDF document text)
    • https://2e4d99de-9d37-4ce2-abd5-0bbccafdbe51.filesusr.com/ugd/33a2e4_5f735190a1d04430853557ff2acf1668.pdf?index=true (In PDF document text)
    • https://s3.amazonaws.com/nilititonawafim/pamaruzafasurodugipob.pdf (In PDF document text)
    • https://s3.amazonaws.com/defujo/brain_hemorrhage_types.pdf (In PDF document text)
    • https://4095172d-bd2f-4181-91d7-dd424e653400.filesusr.com/ugd/df73ab_cf93f7ad11c141538f9f3470d3147455.pdf?index=true (In PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (In PDF document text)
    • http://purl.org/dc/elements/1.1/ (In PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (In PDF document text)
    • http://ns.adobe.com/xap/1.0/ (In PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (In PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (In PDF document text)
    • http://scripts.sil.org/OFL (In PDF document text)

Extracted artifacts (4)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000eddc.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xEDDC
    Size: 3352 bytes
    SHA-256: 91c30e2d1ada78d216450f988df81a9b8af68f06a1eabed5d87816fe5ae9965c
  • Filename: font_01_sfnt_off0000f9db.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xF9DB
    Size: 4704 bytes
    SHA-256: 886004817bf7f88996d457a613a28fb303c92add8759afec43274d59ea7d167e
  • Filename: font_02_sfnt_off000109dd.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x109DD
    Size: 11948 bytes
    SHA-256: 67676d8eb945d22c69b6c67dc42da3566b56a84d6baff03c5a7de800c50995f1
  • Filename: font_03_sfnt_off000130e6.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x130E6
    Size: 4324 bytes
    SHA-256: 9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2