Malicious PDF — malware analysis report

Static analysis result for SHA-256 f0e62590640f73cc…

Verdict: MALICIOUS
File type: PDF
Size: 85.1 KB
Created: 2021-03-18 00:23:27 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-07-13
MD5: 4b52cfe4d0f3ac6eed104c0dc631ebd1
SHA-1: 4041391b768e56d5f92caa9a59a28896a401c9ea
SHA-256: f0e62590640f73cc2efcf302bd0476c4bf473ba5942cce5ba3f31beac87ef218
Risk Score: 186

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. It contains a large number of external links, many pointing to disposable hosting, suggesting a link farm designed to direct users to potentially harmful content. The primary malicious URL identified is https://midufefew.ru/aws?utm_term=how+to+program+philips+respironics+system+one, which is likely used for phishing or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9955

Heuristics (6)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM)
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs (channel in parentheses):
    • https://midufefew.ru/aws?utm_term=how+to+program+philips+respironics+system+one (PDF link annotation)
    • http://www.ascendercorp.com/ (In PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (In PDF document text)
    • http://www.daltonmaag.com/ (In PDF document text)
    • https://cb70cc59-2297-49c3-b7e2-2ac7e26e28d4.filesusr.com/ugd/4479ed_a1e43ace0cc945df937376909769e757.pdf?index=true (In PDF document text)
    • https://9cf93ecd-64ee-4ad6-afcc-f350577a7522.filesusr.com/ugd/c4dbd3_8194cb29993548ffa75f211be5197e65.pdf?index=true (In PDF document text)
    • https://uploads.strikinglycdn.com/files/5226c20e-6dd0-4502-9eaa-5f33e8b1be8c/saxive.pdf (In PDF document text)
    • http://zafagolakogud.rf.gd/jojixopuzoluribo.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/5fd845ae-0ff3-4fb6-99be-22ad0a6b6a62/best_homemade_juice_recipes_for_weight_loss.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/cc4607c9-b814-4c56-a8d3-ac35b1d2b4d7/tipos_de_metodos_de_investigacion_cientifica_segun_autores.pdf (In PDF document text)
    • https://80c93ba6-74df-4afb-9852-3a83eaba20e3.filesusr.com/ugd/4cf28d_3e587251f4434ea7a42c8a1f3bc8a914.pdf?index=true (In PDF document text)
    • https://76ed6b59-b034-43ac-b949-e1c08f76e3cb.filesusr.com/ugd/ee6100_01bf5bafdf4047488c4d428e450e4413.pdf?index=true (In PDF document text)
    • https://d497f082-4895-42de-a72c-038d9367c8a3.filesusr.com/ugd/8e727b_ff8d2aeab80e4ace916fb4a2c6d13935.pdf?index=true (In PDF document text)
    • https://7a3463bf-3117-47cc-940f-ad9d50d05675.filesusr.com/ugd/9f2514_03d5eff9c5184a7fafa8126843a1100f.pdf?index=true (In PDF document text)
    • https://2b08c346-38d8-4763-b559-bb9d4fff2313.filesusr.com/ugd/40c9d6_4b0ed97f0e734e2280ac6d0b0d92dd84.pdf?index=true (In PDF document text)
    • https://13ea8442-998f-4f14-ba3b-7f37e53a414c.filesusr.com/ugd/008a9f_ce42562bda8f4123a1b9b1b45fdc3775.pdf?index=true (In PDF document text)
    • http://nezepipiniwaj.rf.gd/batch_file_scripting_tutorial.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/1c9a1396-3339-47b6-9701-4d6859f1ca97/luroxorefajagi.pdf (In PDF document text)
    • http://xikisefux.epizy.com/73365173175.pdf (In PDF document text)
    • https://c1bbde11-5cda-4f7c-8b74-b2fe90b484f5.filesusr.com/ugd/1c8c6c_b425e269831f4116a97cab704ee3241a.pdf?index=true (In PDF document text)
    • https://uploads.strikinglycdn.com/files/c03fc26a-4410-4c21-ab4c-459350fcda7c/tuletak.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/815cf37f-30d8-4c71-bdcb-941071fe457c/how_to_reset_a_kenmore_elite_refrigerator.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/f889bcf0-a5a8-4a4d-8385-9d68d6a382cf/vojom.pdf (In PDF document text)
    • http://midelex.epizy.com/fundamentals_of_biochemistry_5th_edition.pdf (In PDF document text)
    • https://ec2d952e-5494-46d8-b841-fee222248b17.filesusr.com/ugd/9713d5_4270e1b609c84d94ac8411e54864f8ae.pdf?index=true (In PDF document text)
    • https://eeff404e-5492-4914-a1d7-e39d1f35e6b2.filesusr.com/ugd/e58d70_ecafa13ae2ca4316b3422d69c4336a85.pdf?index=true (In PDF document text)
    • https://uploads.strikinglycdn.com/files/a60beb66-f3c7-4792-80d5-2f8c1a154853/why_isnt_twilight_free_on_amazon_prime_anymore.pdf (In PDF document text)
    • https://ba789de2-c385-43ee-b32d-a34c698d1993.filesusr.com/ugd/b7082a_e2be838c73064543a4da82364e4278ce.pdf?index=true (In PDF document text)
    • https://uploads.strikinglycdn.com/files/8a73a79a-9753-4b01-943f-50fb40dbf21f/free_math_worksheets_for_kindergarten.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/a00d0375-1c23-454a-94cf-f6d60b2d4f76/freelance_academic_writing_jobs_online_uk.pdf (In PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (In PDF document text)
    • http://purl.org/dc/elements/1.1/ (In PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (In PDF document text)
    • http://ns.adobe.com/xap/1.0/ (In PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (In PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (In PDF document text)
    • http://scripts.sil.org/OFL (In PDF document text)

Extracted artifacts (3)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0001002c.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x1002C
    Size: 5288 bytes
    SHA-256: 1fa3e8cd80d0022b33a54ea1bd7d7347a74dc86ebb2f3e4b0a478b93bd885fa0
  • Filename: font_01_sfnt_off0001120a.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x1120A
    Size: 11308 bytes
    SHA-256: aa65685c3762cf692291a24c311870d9fa82629a78f6d4c0f524096a37aae346
  • Filename: font_02_sfnt_off00013890.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x13890
    Size: 4324 bytes
    SHA-256: 7f6049e5011acf0e8581793f2bc2bb947aac2929fdb77abc318b2a6155c1ef71