Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://vilenefex.ru/strik?utm_term=focusrite+scarlett+2i2+1st+gen+price+in+india

  • http://lyudi23.ru/hodgdon_2020_annual_reloading_manual_canada315sx.pdf
  • https://cdn.sqhk.co/soxesemu/VqdicMX/bibasasevonugejisidemuz.pdf
  • http://xapozibun.22web.org/how_to_help_your_dog_with_joints.pdf
  • http://interior.estate/fujitsu_fi-7160_error_code_ds42046mtl3x.pdf
  • https://cdn.sqhk.co/gufojakig/izhbjg7/hide_and_seek_maps.pdf
  • https://cdn.sqhk.co/baxotonad/ifhbgjn/47536952921.pdf
  • http://veparugadoma.22web.org/fuperiruwesut.pdf
  • http://steh-sistem.ru/parts_of_speech_practice_with_answersro3p8.pdf
  • http://kusulapezep.iblogger.org/how_to_clean_whirlpool_duet_washer_filter.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • http://dupodege.rf.gd/public_administration_meaning_nature_and_scope.pdf
  • http://famebod.epizy.com/77109232678.pdf
  • https://efe523a3-d756-4f55-ba91-412f3a718e00.filesusr.com/ugd/236571_aa4de9a9b1934edba307b4f7b051c1a4.pdf?index=true
  • https://47a25507-5c4f-4e73-9b7c-0c49514c8174.filesusr.com/ugd/e00bd3_f4df76063f4a4a1492191c8ce48ce44d.pdf?index=true
  • https://5be7aec3-7d66-433b-ae1d-2bfb807ddf2a.filesusr.com/ugd/24deb6_baca523d79e742faac4e417c9aa68432.pdf?index=true
  • https://f8ba888e-8f71-4fde-8303-550399648f4e.filesusr.com/ugd/17ce20_49e38768ab9c428fb69908b4cc6cd280.pdf?index=true
  • https://e2e5a77d-bfc7-473a-80cd-e4538f34cf6b.filesusr.com/ugd/c34eac_61d3c373fdbf42c9bc03b07d002fa5cd.pdf?index=true
  • https://19972ee8-34f0-4900-8009-9f590161cd02.filesusr.com/ugd/64db51_a3cda146aa494998bac18167246a7082.pdf?index=true
  • http://futoxivugumerav.epizy.com/72051992030.pdf
  • https://f61a8d15-835b-4c36-a3db-e4ead73ab13f.filesusr.com/ugd/e9f5f3_bc1a64c770a947b79fd99de1c2f45a94.pdf?index=true
  • https://391e4f24-9fc9-4707-ac06-338edcd9f959.filesusr.com/ugd/110ef3_2f1f91e5ecb145b79bda500bf3397046.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.