Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://kuzutuzo.ru/aws?utm_term=how+to+calculate+gravity+potential+energy

  • https://zujetopefij.weebly.com/uploads/1/3/4/7/134766602/zovegupizufalo_jozudon_jexem.pdf
  • https://bumogekatagod.weebly.com/uploads/1/3/0/7/130776321/suwilor.pdf
  • https://jelugofinetala.weebly.com/uploads/1/3/5/3/135389066/fb724786f9eb.pdf
  • http://kitapusowa.22web.org/public_policy_book.pdf
  • https://nonibebufixaz.weebly.com/uploads/1/3/2/6/132682934/kisenedapaniripifuni.pdf
  • https://xatikofaf.weebly.com/uploads/1/3/0/8/130814669/gezigarunos-fovifag-bejibisufonusuk.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/74fd0a53-f7a3-4370-8dd3-120c42cccca9/lapemama.pdf
  • https://s3.amazonaws.com/ganubifirigevi/lagu_balungan_kere_aviwkila.pdf
  • https://uploads.strikinglycdn.com/files/8fdf3e91-10ac-4406-8d5a-67718b96fafc/79045130687.pdf
  • https://uploads.strikinglycdn.com/files/06af8fba-61ad-4cbe-995c-1e48f3015629/dictionary_of_symbols_j.e._cirlot.pdf
  • https://s3.amazonaws.com/liwara/john_deere_annual_report_2016.pdf
  • https://s3.amazonaws.com/jolituzoji/karsu_writing_font_free.pdf
  • http://jifazuniduvosi.epizy.com/15354009353.pdf
  • https://s3.amazonaws.com/fodose/nba_fantasy_basketball_draft_cheat_sheet.pdf
  • https://s3.amazonaws.com/vonusirukete/how_would_you_define_the_term_public_relations_2.0.pdf
  • https://76c9fb28-c10e-4950-85be-37de24a2ede8.filesusr.com/ugd/fa32a6_3aeec94498024e7d96e192549885f052.pdf?index=true
  • https://3e1ae61b-6b68-46dc-8a90-d1c7a5b9f91c.filesusr.com/ugd/b8bbd7_bf4c2e0b775d4985951be740cadd3bb2.pdf?index=true
  • http://foridifakusexum.rf.gd/26366039500.pdf
  • https://26f2e344-8444-46ea-90c9-5a893bcc2fb3.filesusr.com/ugd/b8c837_d4743fe3d4794634b5982e873eadb41e.pdf?index=true
  • http://gejajute.epizy.com/21179621034.pdf
  • https://s3.amazonaws.com/wixamupelinere/video_maker_android_source_code.pdf
  • https://5bf49506-6ef1-42f8-8f90-7e3689255fd3.filesusr.com/ugd/8fe1bf_45330c8ba05147c8958d82e156578079.pdf?index=true
  • https://s3.amazonaws.com/degisapemifa/cha_cha_cha_old_movie_song.pdf
  • https://a6047d18-b57f-4fdc-88fa-dea7715a8642.filesusr.com/ugd/189347_8c2bebcc307c44adb3d95d418b8792fa.pdf?index=true
  • https://s3.amazonaws.com/fajonubinomeder/61545698078.pdf
  • https://s3.amazonaws.com/kabisebax/fuwudijopanipawelusi.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.