Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://kuzutuzo.ru/123?utm_term=financial+statement+template+xls+south+africa

  • https://static.s123-cdn-static.com/uploads/4445880/normal_5fe5b87600db2.pdf
  • http://maxoranano.sportsontheweb.net/ziseremi.pdf
  • http://rolorutebu.sportsontheweb.net/tendinitis_aquiliana_ejercicios.pdf
  • http://nopotaz.medianewsonline.com/how_to_make_sketch_animation_video_or_whiteboard_animation.pdf
  • https://cdn-cms.f-static.net/uploads/4476578/normal_6031cd86e3452.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/7a45524f-a918-4456-92b6-ba33f2e4b2f1/36564508563.pdf
  • https://dbba0f06-1911-40f0-8c80-a2638c7f81cc.filesusr.com/ugd/b13fd1_c0a80f277c884173b8e103b5e2b5024c.pdf?index=true
  • https://73c25812-7308-4b32-b985-10e2a25710ca.filesusr.com/ugd/5b604d_84bcd45c5595423fa94a9976ad50f09f.pdf?index=true
  • https://46d16763-6c5f-4e19-aa2c-3f4071fcbec2.filesusr.com/ugd/26f730_3282f4c882374fb294632e1d961f53b3.pdf?index=true
  • https://43a2ba88-5de9-465b-b95f-6a4d82f2d06e.filesusr.com/ugd/dcbeda_636f34842f894a3eb1a979a9d8e94880.pdf?index=true
  • http://gidubabe.myartsonline.com/nafelugas.pdf
  • https://ce099f17-eb12-430b-a452-8d789b3ee5a8.filesusr.com/ugd/aef5b7_9a86dbb34bb94e4b8446c728e2e891b4.pdf?index=true
  • https://uploads.strikinglycdn.com/files/628c4ca4-1276-4d3a-8e43-c5ffb44ff1b7/febad.pdf
  • https://uploads.strikinglycdn.com/files/dad0babb-e4a4-46d3-9a83-471feda978eb/is_aqua_water_good_for_you.pdf
  • https://c4bedd8b-a3e9-4aa8-9751-a6fde4035b7e.filesusr.com/ugd/037f08_97d2529339cc4a12b6d07d9fbb614655.pdf?index=true
  • https://uploads.strikinglycdn.com/files/82431da9-9dc8-42a9-af84-188fa572dce5/14171907958.pdf
  • https://uploads.strikinglycdn.com/files/38df5c96-b964-479d-a7ab-8198bff6427d/44494743516.pdf
  • http://jokosen.atwebpages.com/xeloleba.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.