Malicious PDF — malware analysis report

Static analysis result for SHA-256 f7511cdd3f191420…

Verdict: MALICIOUS
File type: PDF
Size: 74.9 KB
Created: 2021-03-20 20:01:24 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 4f6eb273c2fe182e04df6cc14eef1c0c
SHA-1: 467f55d95bd3b3d94259685063de86475d4c877c
SHA-256: f7511cdd3f1914209456a88388330f23fa4c6fc6a910301c02eb7bca693fa855
Risk Score: 156

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains numerous external links, many of which point to suspicious domains, indicating a link farm or phishing attempt. The ClamAV detection and ML classifier strongly suggest malicious intent. While no scripts were explicitly extracted, the PDF structure and heuristic firings point towards a phishing or malware distribution vector.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (5)

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (severity: info, rule: PDF_URI)
    The PDF contains an external URL action.
  • Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
    The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://dugedepap.ru/award?keyword=ccma+7.+11+form+pdf
    • http://belplitka.ru/1354600586y20y3.pdf
    • http://shop-kid-toys.online/xobotumpmdey.pdf
    • http://helpcenter.business/brahmachari_mogudu_telugu_movie_songs_freet82j5.pdf
    • http://limaxinsto.xyz/g-shock_ga110gb-1acr_watchywkr7.pdf
    • http://usesucre.pro/70836921720f8lqo.pdf
    • http://goodnatural.space/cnc_machine_operator_near_mebct3d.pdf
    • http://ig-copyrightnoticehelp.com/vopegisixito7wu7p.pdf
    • http://hardcreditcheck.info/zameviepoeu.pdf
    • http://fly-drive.online/12_stages_of_the_heros_journeyk7r60.pdf
    • http://app-3null.com/ministry_of_information_and_broadcasting_address_delhi6r0c6.pdf
    • http://winclean-shop.space/blue_iris_hair_salon_staple_hilllnubc.pdf
    • http://goldstein.capital/903173039117lwkt.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/aaa591fd-2310-452f-aec0-456eff82a1bc/how_to_train_for_a_marathon_plan.pdf
    • https://ee42ee57-4547-4a8c-8a66-6cccb7f6869d.filesusr.com/ugd/2a9ad2_e59c8b2d84ef4b9487a91e590a20e914.pdf?index=true
    • https://uploads.strikinglycdn.com/files/8ac9f7d4-1278-4971-a863-7ae2b387722c/how_much_money_start_monopoly_rules.pdf
    • https://6200e599-3f2f-4e3e-ab45-e6977ed7e777.filesusr.com/ugd/f8de3e_e5e9bfb87598468a9c3e2b7a914a7308.pdf?index=true
    • https://uploads.strikinglycdn.com/files/7e0a5ccb-5312-40ff-9df7-fea4e1d66f62/dell_latitude_e5420_release_date.pdf
    • https://uploads.strikinglycdn.com/files/95b130cc-e3a5-4082-be8f-a52d08f42bab/verizon_lg_flip_phone_user_manual.pdf
    • https://59e5a08b-0d8d-455f-a3a7-35a3b781ab3e.filesusr.com/ugd/784815_39c931cdf28a444ba64b53baad4376a1.pdf?index=true
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000e87d.bin
SHA-256: d0b29c58b80bde9367a86e9c10b25e25b371da5fc286e4ea9fab89692d6ce7db
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xE87D
Size: 5160 bytes

Filename: font_01_sfnt_off0000fa06.bin
SHA-256: 2a0819ed8ad597674040c6a5e05cfe77dceda30de1ad890549714dc710e38cd1
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xFA06
Size: 10592 bytes