Malicious PDF — malware analysis report

Static analysis result for SHA-256 f254cff7d843d9e4…

Verdict: MALICIOUS
File type: PDF
Size: 86.6 KB
Created: 2021-04-14 23:51:57 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-07-07
MD5: 7c97fb1c82f77df4491d5b4430186071
SHA-1: 1c992ba29ab3ed52c60d096add60143a554380bb
SHA-256: f254cff7d843d9e4d1e0d04455fdb190b1e13272ce795fc85bb51c4c644d73cd
Risk Score: 186

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF file contains a large number of external links, identified as a link farm. The primary purpose appears to be directing users to potentially malicious websites, as indicated by the 'PDF_SEO_LINK_FARM' and 'PDF_SEO_DISPOSABLE_LINK_FARM' heuristics. The presence of URLs like 'https://golowaki.ru/strik?utm_term=barnett+vortex+compound+bow+19-45+lb' suggests a lure or phishing attempt. The ML classifier and ClamAV detection further support its malicious nature.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9990

Heuristics (6)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://golowaki.ru/strik?utm_term=barnett+vortex+compound+bow+19-45+lb (PDF link annotation)
    • https://cdn-cms.f-static.net/uploads/4419206/normal_605b6b6b4e0f6.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4480732/normal_6037c198601e0.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4477376/normal_603e2c5d37b41.pdf (in PDF document text)
    • http://pafiwuz.66ghz.com/basics_of_biblical_greek_workbook_4th_edition.pdf (in PDF document text)
    • http://davusivit.22web.org/89005496250.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4382197/normal_6059f40c21cca.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4487916/normal_6004954693ed9.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://992bddda-184d-467f-a815-0165b41a2208.filesusr.com/ugd/69695d_e93e42aa8fba402a812d018039a02ffa.pdf?index=true (in PDF document text)
    • https://e26976e3-f089-44cc-a2a6-54bcc6cae308.filesusr.com/ugd/0df15e_fb3b3b3e98fc478e9bacec972d5f54fa.pdf?index=true (in PDF document text)
    • https://54d25d35-1219-4e5f-97c3-905e72ea606f.filesusr.com/ugd/6d59ab_5e34e9b9840e435d800d45a1e05d604f.pdf?index=true (in PDF document text)
    • https://c1cb471f-fc5c-4ef2-b3e1-4d0d0d09d135.filesusr.com/ugd/cc5b41_7058b7dbd60c4bc2bd63ea9aa6ea4bbc.pdf?index=true (in PDF document text)
    • https://39c1d623-eccb-4af0-a86a-15328a2d61f9.filesusr.com/ugd/3cb6cb_409aa2a1ef604921895b255be81e884b.pdf?index=true (in PDF document text)
    • https://47ab6ce1-aee6-4086-a8e7-31fe393d2411.filesusr.com/ugd/afbef4_50a1a0793f8d462fa4039a94778f17ea.pdf?index=true (in PDF document text)
    • https://7980b0ff-2efe-48f4-a442-6c87bca80713.filesusr.com/ugd/9bd8c3_deee79cde8af455ba5e717e7a3432170.pdf?index=true (in PDF document text)
    • http://rowezezivifa.epizy.com/jiverazipo.pdf (in PDF document text)
    • https://1c437d0a-cccb-4a8a-93f1-39e0b5126915.filesusr.com/ugd/b91566_f890000fe6974bc6bb2e297f5267c20e.pdf?index=true (in PDF document text)
    • https://9d76d0c6-5807-43ac-a2ba-7b4112d1a20a.filesusr.com/ugd/5cd33b_c0a5970197d34e29afd3aa8e45a858e3.pdf?index=true (in PDF document text)
    • https://e2604e0b-f95a-4acb-b53f-a7db3827b2a1.filesusr.com/ugd/225520_3b19e0187e0b444f895277085e12c0c8.pdf?index=true (in PDF document text)
    • https://b7d3a0ae-8059-487b-8826-088776693174.filesusr.com/ugd/8d23e4_ba9546893ec54ca78cc936786cb62423.pdf?index=true (in PDF document text)
    • https://b3695a61-a5b7-457a-863f-99677d03e0cc.filesusr.com/ugd/f2a82d_1d2b67ccde794e288ee305c8a75c34b7.pdf?index=true (in PDF document text)
    • https://a9864912-ad24-422b-99f3-2d90f7703507.filesusr.com/ugd/d6af85_e4b0a2793d0f478b8415b8d5ed99febc.pdf?index=true (in PDF document text)
    • https://1dda4824-043e-406b-9213-03d4b91bb4d1.filesusr.com/ugd/7695bb_395f0d093d3d43bf8916725e37c69f22.pdf?index=true (in PDF document text)
    • http://wekidezeze.epizy.com/gavamaf.pdf (in PDF document text)
    • https://6200e599-3f2f-4e3e-ab45-e6977ed7e777.filesusr.com/ugd/f8de3e_b75d2e842fc34d579427acbed10a7641.pdf?index=true (in PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
    • http://purl.org/dc/elements/1.1/ (in PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
    • http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00010897.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10897 | 5904 bytes
  SHA-256: 1af6f56e678c3289f2c93adb10df7310d88bb4b6a1c7e72ae3994dee6e46e9fa
font_01_sfnt_off00011cba.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11CBA | 1800 bytes
  SHA-256: a36eee06fef6ce219692c4ec918276ac99413e4fd1e3666e4031624f9289d620
font_02_sfnt_off00012547.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12547 | 10964 bytes
  SHA-256: b0fae98e939cb8cfd836fd3fa6effc3fbb4afe3e9496708756c3e68018464b65