Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://yafferge.ru/award?keyword=bpsc+cadre+code In PDF document text

  • https://romigugegis.weebly.com/uploads/1/3/1/3/131384185/lipixar_futomisuniji_wamomib.pdfIn PDF document text
  • http://revilokepudidu.mygamesonline.org/biografias_de_los_personajes_mas_importantes_de_la_independencia_de_mexico.pdfIn PDF document text
  • https://lopetumidola.weebly.com/uploads/1/3/3/9/133989387/db158bb8c.pdfIn PDF document text
  • https://pirulilepeno.weebly.com/uploads/1/3/4/0/134040853/6010804.pdfIn PDF document text
  • https://cdn.sqhk.co/kobadaxo/igoihgg/71685818378.pdfIn PDF document text
  • http://lololoj.sportsontheweb.net/eyelash_extension_training_foundation_program.pdfIn PDF document text
  • http://wijetaz.mypressonline.com/what_is_an_ivr_pin_for_unemployment_colorado.pdfIn PDF document text
  • http://xojuxelase.medianewsonline.com/alpha_word_in_urdu_alphabet.pdfIn PDF document text
  • http://nekuwagibajese.getenjoyment.net/little_book_of_common_sense_investing_amazon.pdfIn PDF document text
  • http://niburufajanuto.sportsontheweb.net/what_are_the_stages_of_disaster_recovery.pdfIn PDF document text
  • https://bevereka.weebly.com/uploads/1/3/0/7/130739533/fowavewipuf.pdfIn PDF document text
  • https://lekumoga.weebly.com/uploads/1/3/2/6/132683130/2604121.pdfIn PDF document text
  • https://cdn.sqhk.co/diwiporeb/fBhigjJ/build_a_bear_frog_overalls.pdfIn PDF document text
  • http://giwapozolaleg.mypressonline.com/1_metro_cuantos_centimetros_son.pdfIn PDF document text
  • http://winovigamaj.mygamesonline.org/how_to_write_a_review_lesson_plan.pdfIn PDF document text
  • http://gejudoxe.mypressonline.com/xbox_live_fehler_8015d002.pdfIn PDF document text
  • http://lezigovedavide.getenjoyment.net/nasb_macarthur_study_bible_2nd_edition_premium_goatskin_leather.pdfIn PDF document text
  • https://zelowomuguzak.weebly.com/uploads/1/3/1/3/131379017/3067221.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://rogofideb.onlinewebshop.net/6759981138.pdfIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text
  • http://www.geocities.com/mitra_anirban/hobbies.htmGNUIn PDF document text
  • http://www.gnu.org/copyleft/gpl.htmRegularIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.