Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://dafemum.ru/award?keyword=cambridge+english+test+pet+pdf

  • https://cdn.sqhk.co/josurowelimu/ehiYNje/linugegunavunuwa.pdf
  • https://cdn.sqhk.co/kinibemazoz/jSiehbu/mx_player_apk_latest_version_2020.pdf
  • http://shmelev.pro/forbes_travel_guide_jennifer_kesterbvvbo.pdf
  • https://cdn.sqhk.co/jimavidozeze/i75kjaK/deep_house_vocal_music_radio.pdf
  • http://mon-cmso.best/speed_queen_tr5_vs_tr3etdrh.pdf
  • https://cdn-cms.f-static.net/uploads/4481403/normal_6019d2812fd1c.pdf
  • https://cdn-cms.f-static.net/uploads/4446649/normal_5fe81d045aeaa.pdf
  • https://cdn-cms.f-static.net/uploads/4470224/normal_5fdc459b8a155.pdf
  • https://cdn.sqhk.co/posuwumujome/zgghgw6/rikuwobapasovoj.pdf
  • https://cdn-cms.f-static.net/uploads/4451356/normal_6028f0b3b461a.pdf
  • https://cdn.sqhk.co/dadirowuj/khetoxx/93013229855.pdf
  • http://crysety.xyz/pubepuvobini732wy.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/wizitifowubux/search_for_in_windows_10.pdf
  • https://uploads.strikinglycdn.com/files/ae4fb70f-5d79-4928-8068-1dc8ef5bc82d/bradley_digital_smoker_parts_list.pdf
  • https://uploads.strikinglycdn.com/files/7f8e89a8-9470-41cb-b211-dc71f12195bd/65619104281.pdf
  • https://uploads.strikinglycdn.com/files/b363f0b6-c19e-436d-a983-43f4ad2d83b5/28220820637.pdf
  • https://uploads.strikinglycdn.com/files/d2daae90-19fb-473c-8935-04c6ebf04265/fresh_air_by_ecoquest_service.pdf
  • https://s3.amazonaws.com/batiku/maplestory_full_game_client.pdf
  • https://77ac2d45-d533-4b4b-a85c-01e81860bff9.filesusr.com/ugd/7f1ad7_67ed60945eb9434d968acd2acf89e6dc.pdf?index=true
  • https://4900ecec-7ac1-411c-be2c-b077674085c8.filesusr.com/ugd/493135_1224749dbe02464ea66a993153b70cf1.pdf?index=true
  • https://9e730ba1-499c-413e-9a09-8a81f8121270.filesusr.com/ugd/0a0016_9d3c84a467544eb289057eb5aa14e874.pdf?index=true
  • https://f0f855fd-29d2-4bf6-9fdd-af1de8d1f91d.filesusr.com/ugd/184831_d234bca7de554067b30f2972ad5a423b.pdf?index=true
  • https://30383b9b-b26a-44f4-9a26-03873af8f03c.filesusr.com/ugd/fdee49_d9fcdf93901544e4bb3ae57fed76c23d.pdf?index=true
  • https://uploads.strikinglycdn.com/files/9e7eff06-079f-49d3-a8db-f84583c310ff/what_does_dappled_shade_mean.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.