Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://xezojetit.ru/award?keyword=finite+geometric+series+worksheet+pdf

  • https://vugilove.weebly.com/uploads/1/3/4/2/134234765/karojubuvapa.pdf
  • https://giruwaferelesed.weebly.com/uploads/1/3/4/8/134850821/xebekogunofiv.pdf
  • https://kajizifobizixa.weebly.com/uploads/1/3/3/9/133997117/savegazovenaze.pdf
  • https://cdn.sqhk.co/fejisedetu/afm2vhd/microsoft_onedrive_app_for_windows_10.pdf
  • https://cdn.sqhk.co/kerodamajop/h62piey/16137643972.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://2df275fc-a8dd-466e-be95-33fe0afe7bed.filesusr.com/ugd/9b6d1e_a930e817899a4ae8a592a69924db71a4.pdf?index=true
  • https://27f1a270-5048-4778-87f0-574dfe85248a.filesusr.com/ugd/b7306e_406dcb3b50fe47b3afaf11280cfe0a3d.pdf?index=true
  • https://24d1f61b-f5c5-4d2f-8180-62589f44e8d8.filesusr.com/ugd/eed56f_7011ba3205eb4ea0a07b72091f708d94.pdf?index=true
  • https://3d0f0459-0d4a-4af3-8122-650a791bae6d.filesusr.com/ugd/3254bf_fc8147d195444614a41b6f54ba062e9d.pdf?index=true
  • https://uploads.strikinglycdn.com/files/38bfa201-09fe-4f6e-a19a-5390eb14e689/can_you_buy_starbucks_mugs_online.pdf
  • https://f2d828cf-06d9-46ea-85af-d88b0bc20d44.filesusr.com/ugd/501a20_668f536b536c455191c59a126ae8786b.pdf?index=true
  • https://709e7e89-b264-4d73-b757-064736ed86f1.filesusr.com/ugd/f523c3_35d2faab306a4b3398c73a1bf58a3c80.pdf?index=true
  • https://7043ee2c-bc2d-4d46-b82c-b0075177c1aa.filesusr.com/ugd/f862b5_58b78951acab4e3cb5c4e79d7359f2be.pdf?index=true
  • https://769966b8-4adc-437e-bba8-f198cf6e171b.filesusr.com/ugd/41a0b6_450a89708cf5400ea4b45cbb7ba4b97c.pdf?index=true
  • https://uploads.strikinglycdn.com/files/d1469755-458f-415c-978b-4359c75cdbed/34293282643.pdf
  • https://78a3f932-2eca-4366-91b9-d52a2f3c5f58.filesusr.com/ugd/a586f9_be9252193ed045dba1c3e7dd82d178ab.pdf?index=true
  • https://uploads.strikinglycdn.com/files/cd74d6e5-e9d7-4ba6-a38e-34cf1f38955c/plantronics_backbeat_fit_user_manual.pdf
  • https://uploads.strikinglycdn.com/files/0aad5a55-a808-45b6-88cd-6b5b7125e1f9/69353602025.pdf
  • https://uploads.strikinglycdn.com/files/a280ba8d-ea2b-4109-84cc-97637c9f88de/wheel_horse_tractor_for_sale_near_me.pdf
  • https://uploads.strikinglycdn.com/files/224b462f-c3b4-4c86-aa54-e28b423d3578/57471986076.pdf
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License

Open this report in the interactive analyzer, or submit your own file for analysis.