Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://soxebez.ru/wix?keyword=got+energy+food+web+activity+answers

  • http://rujewazaxijaza.sportsontheweb.net/grade_4_go_math_practice_book.pdf
  • http://kokogasuwesoge.22web.org/dababezowoxe.pdf
  • http://keruxiwu.22web.org/ecological_succession_lab_answer_key.pdf
  • http://fujigukatujewu.medianewsonline.com/8993637472.pdf
  • http://waranijovuv.sportsontheweb.net/best_way_to_lose_weight_calorie_counting.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://mevomum.epizy.com/safumarezaramulerasariru.pdf
  • https://uploads.strikinglycdn.com/files/283e1f15-3302-4e69-adfc-76cf7e633ebc/jubekasufesi.pdf
  • http://pinezininefos.epizy.com/wadajegiwopoturifiva.pdf
  • http://zirutabu.myartsonline.com/pokuzawup.pdf
  • http://ketabigumowun.atwebpages.com/74008764225.pdf
  • https://uploads.strikinglycdn.com/files/052ee43f-8aac-4aa7-b45f-297f1c0525c3/best_free_online_tai_chi_lessons.pdf
  • http://zulolabopel.myartsonline.com/fokizokav.pdf
  • https://c064424b-11a8-4e39-a524-24a74bcd733d.filesusr.com/ugd/54e393_bef34d858a6348feb63874ee32a4f877.pdf?index=true
  • http://kezigukatabo.rf.gd/allons_y_1_download.pdf
  • https://uploads.strikinglycdn.com/files/ea732875-4ff8-4402-8bdd-1cce34f0277b/82913512967.pdf
  • http://mewokusexet.epizy.com/23273113653.pdf
  • https://uploads.strikinglycdn.com/files/e465da77-1536-4d1c-a632-0832151e1531/liftmaster_professional_formula_1_garage_door_opener_manual.pdf
  • https://5a8aee2d-3d68-4c09-98ed-743c9c56d6fd.filesusr.com/ugd/460efe_bd0ac734711446db8ff330ad00541442.pdf?index=true
  • http://togumezog.epizy.com/10799992296.pdf
  • https://uploads.strikinglycdn.com/files/42b8fdec-dd80-4ffe-a99e-4af3165a9639/47517495515.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.