Malicious PDF — malware analysis report

Heuristics 6

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://baarspo.ru/strik?utm_term=how+to+program+keypad+for+garage+door+opener+genie PDF link annotation

  • https://dizodedijep.weebly.com/uploads/1/3/5/3/135391654/barapo_notuloveno_zuvoxeno_jaralakolelala.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4477910/normal_600fef32aa796.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4453338/normal_60084f6c86cf5.pdfIn PDF document text
  • https://mifopubulu.weebly.com/uploads/1/3/1/6/131637027/gegixulite-nipiso-diwofojefuloler.pdfIn PDF document text
  • https://wizujepubenepax.weebly.com/uploads/1/3/5/3/135317151/wekew_piwaterosi_bifilomi.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4454968/normal_5fdf1c397ff74.pdfIn PDF document text
  • http://tidedejix.iblogger.org/emulateur_android_gratuit_pour_pc.pdfIn PDF document text
  • http://wabuxon.iblogger.org/may_glory_to_hong_kong_piano_sheet.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4428083/normal_6033326b8d4cc.pdfIn PDF document text
  • https://jelamiwigu.weebly.com/uploads/1/3/1/3/131382248/tejaxeduxumem_mizikebipodesev.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/fa8176ad-656b-4c0e-aded-af8ffc3a0e07/penanefefexozawiluveb.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/90082478-d4c0-4e3a-b9ef-9ac2f6a8c19f/54855942285.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/3ffc0878-91a6-4683-bc96-4ecbfcd2d444/44751949324.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2b7dbf6a-0565-4cba-9696-3c14307c9318/resumen_del_libro_tratado_elemental_de_derecho_romano_de_eugene_petit.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4f1109c0-1734-4255-9f4c-ef8efa78d402/discrete_time_signal_processing_3rd_edition_oppenheim_solutions_manual.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f3314667-98d5-4e31-82bb-5f3582bc959a/muvixesaxipozezadek.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5cf34196-a0aa-4a3f-8cab-807612c5797d/furepaxadefeji.pdfIn PDF document text
  • http://gusozafameximi.epizy.com/alien_isolation_mods.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4bc72480-2af9-45ba-99d8-44ad8c0aca77/1186274611.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d906fa33-2c79-472c-bfe2-1a6d69969c8e/arduino_programming_language_vs_c.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4fbef966-0753-4173-94f6-918d600e2028/45961577210.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/54928b95-7c26-41ab-b8a3-be356c64c2a2/20707025759.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/890f20cc-0d7e-4d76-a91d-cd2917768e90/87965239505.pdfIn PDF document text
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
  • http://purl.org/dc/elements/1.1/In PDF document text
  • http://ns.adobe.com/pdf/1.3/In PDF document text
  • http://ns.adobe.com/xap/1.0/In PDF document text
  • http://ns.adobe.com/xap/1.0/mm/In PDF document text
  • http://ns.adobe.com/xap/1.0/rights/In PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.