Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://vilenefex.ru/strik?utm_term=amor+de+mi+alma+pdf

  • http://igonlinesupport.com/my_lg_g4_will_not_turn_onxve6n.pdf
  • http://blockhcain.host/demilufomebuxin9j0k.pdf
  • http://naturalgood.space/marketing_strategy_for_automobile_industryk1cbd.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://4cf6c2b4-cd84-4b73-83b1-bf7f441162b2.filesusr.com/ugd/e50c99_cd240189184f4bdd8f0407647a4eeb38.pdf?index=true
  • https://1c92f6d8-19eb-429c-9239-1cf6be91372f.filesusr.com/ugd/cc1a03_f8a0174c43544e72bd3f761334f275d8.pdf?index=true
  • https://uploads.strikinglycdn.com/files/d57806d3-f62f-4273-b6ba-d89c319f93c7/nibopowimuve.pdf
  • https://44879a12-c10a-431c-a98a-7de142752d0f.filesusr.com/ugd/bb4607_bd5e1519d1644e53bf3d40892d89d3ac.pdf?index=true
  • https://s3.amazonaws.com/sowirutelevolur/epson_surecolor_p800_prohd_ink_refill_system_from_marrutt.pdf
  • https://2a0daf8d-7d8f-48a8-9da6-1f2c606fcb3a.filesusr.com/ugd/adb9e1_a94d70d3bd654645be244c9517db24ae.pdf?index=true
  • https://uploads.strikinglycdn.com/files/13a81971-8d40-44d1-b739-2654dcb23dc3/rorovubezenexosagix.pdf
  • https://6eed613e-cbae-405e-b458-9655ef9033f8.filesusr.com/ugd/e4f6f0_42c7d891bea44ec09abeeea8808059d3.pdf?index=true
  • https://8d684a1e-4078-49cd-b336-05adf09473b6.filesusr.com/ugd/2b25e8_cffb8329f652474da758086686fbb745.pdf?index=true
  • https://aefbb2f1-1cfc-4a48-aab2-d72547d84173.filesusr.com/ugd/2f3ac6_b2a4b0f1f1f9466289886a222103de7c.pdf?index=true
  • https://33edd578-4186-4695-89f3-f56a5a23fc53.filesusr.com/ugd/f17c08_9dbee46a47be4db3827aa7e1e60aac12.pdf?index=true
  • https://uploads.strikinglycdn.com/files/9fe7928a-ee3c-4e72-bf43-42736ec4d673/39073849356.pdf
  • https://s3.amazonaws.com/jawusawar/grease_script.pdf
  • https://5cbbff6b-7c47-4fbb-abda-9de5069fbc88.filesusr.com/ugd/1a89c8_7c98109fa18f49719073441e37c787aa.pdf?index=true
  • https://627f215e-41ba-4aa4-9906-5f9f9d117739.filesusr.com/ugd/8ab72e_24683fffce52476792a1cb2b3b4de95b.pdf?index=true
  • https://uploads.strikinglycdn.com/files/3ba2e34a-687b-4e5e-a2ac-be2d9e88de6b/27483465097.pdf
  • https://s3.amazonaws.com/nowokil/the_lexus_and_the_olive_tree.pdf
  • https://e3c65705-3664-417e-97b1-2ac29bfab8bd.filesusr.com/ugd/6a5da5_ecbbc3bc02dd40d5ac929716ab2e77d5.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.