Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF link farm points to compromised-WordPress upload storage medium PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM
  PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://thaisomboonautopart.com/userfiles/files/xezagedageru.pdf

  • http://upsshop.ru/ckfinder/userfiles/files/dolatubamasipowopivowosut.pdf
  • https://superchills.com/userfiles/file/lidokejaguwimubinev.pdf
  • https://esperanzadeavila.com/fotos/file/zubuku.pdf
  • http://recviem.ru/img/upload/60572097558.pdf
  • http://shinyoungvalve.com/userData/board/file/mabotaderaterepez.pdf
  • https://mercedesmazo.es/wp-content/plugins/formcraft/file-upload/server/content/files/1612f26ca75549---64561233593.pdf
  • https://castilloexterior.es/ckfinder/userfiles/files/detijobapopapirinomej.pdf
  • http://henzefashion.com/userfiles/file/lajomogalerapelupavedu.pdf
  • http://baovekhucongnghiep.com/upload/files/7557026228.pdf
  • https://agsposure.org/wp-content/plugins/super-forms/uploads/php/files/52d4e3d2044ec5ba8f366144915e7f48/gakatuxinizijopukinule.pdf
  • http://tecs4.com/intranet/ckfinder/userfiles/files/duwogon.pdf
  • https://dakhoathienhoa.net/images/files/firisivimesinonitigi.pdf
  • https://halkapsikoloji.net/userfiles/file/muvivalegunakaxesixizof.pdf
  • https://facades-et-traditions.com/actualites/file/23505206140.pdf
  • https://impactmediaresources.com/userfiles/file/12647542816.pdf
  • http://artwatch.ru/userfiles/file/juteponivozu.pdf
  • https://karaari.leaddeehub.com/userfiles/files/tetugi.pdf
  • http://yuanjiangchem.com/upload/files/81092431122.pdf
  • http://chongqinghaohong.com/upload/files/28261177422.pdf
  • http://www.skk.com.hk/admin/ckfinder/userfiles/files/wisuwonodugorekok.pdf
  • http://carbontuning.ru/file/jinez.pdf
  • https://0922.sproname.com/files/userfiles/files/71382208988.pdf
  • https://clicksnepal.grnca.org/img/files/files/vometijoguninud.pdf
  • http://grandp.ru/userfiles/file/57811513768.pdf
  • https://www.hed-endo.hr/wp-content/plugins/formcraft/file-upload/server/content/files/161313905a671a---gugewijewit.pdf
  • https://feedproxy.google.com/~r/skout/mBVl/~3/3vuEKuznOb8/uplcv?utm_term=the+lorax+full+movie+123movies
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License

Open this report in the interactive analyzer, or submit your own file for analysis.