Malicious PDF — malware analysis report

Static analysis result for SHA-256 019bc3652a97ace2…

MALICIOUS

PDF

Size: 76.1 KB
Created: 2021-03-14 14:42:25 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 0fc11f606adbf5796be44d924aea37fd
SHA-1: 5795863304f7ee1313431bdd4963f6dae3d06dbe
SHA-256: 019bc3652a97ace227d47b3af7dd5493e2b69eec84cd92668fe981f32982cfaf
Risk score: 154

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

This PDF file contains numerous external links, a common tactic for phishing or SEO link farm schemes. The embedded URL 'https://midufefew.ru/award?keyword=use+of+alternative+energy+resources+pdf' suggests a lure to a potentially malicious site. ClamAV detection and ML classification further indicate malicious intent, likely related to phishing or malware distribution.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.5347

Heuristics (4)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://midufefew.ru/award?keyword=use+of+alternative+energy+resources+pdf
    • https://static.s123-cdn-static.com/uploads/4381531/normal_5fcb00337fa37.pdf
    • https://static.s123-cdn-static.com/uploads/4379380/normal_5fe433c5906dd.pdf
    • https://static.s123-cdn-static.com/uploads/4483089/normal_5fcae9cbcd4c1.pdf
    • https://cdn-cms.f-static.net/uploads/4504870/normal_60138b07efad3.pdf
    • https://cdn-cms.f-static.net/uploads/4424951/normal_6018a4023d70e.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://113c517c-d7b0-4b36-99d7-6722bcb7ef36.filesusr.com/ugd/8e66a5_f5e4ca5157d34d20824f0687018f9c20.pdf?index=true
    • https://587b455d-cc79-4428-8e80-a8b75ce23bca.filesusr.com/ugd/021ec8_823e891055254ff6866576862bbefa7c.pdf?index=true
    • https://6998e30b-c911-4113-ab34-4c15204891c7.filesusr.com/ugd/429b25_509287a0156e457d86de3a6428baf9c0.pdf?index=true
    • https://45f91bdd-2b68-4e60-ae2c-b14373ae5332.filesusr.com/ugd/0d089b_6ca0d786e7b84102b5288852459d56c2.pdf?index=true
    • https://af431a04-9ebc-4ea4-a98d-45e4ffbfad14.filesusr.com/ugd/485053_fe1c45d202ac4199a2941bdc4ed87a0f.pdf?index=true
    • https://5bf49506-6ef1-42f8-8f90-7e3689255fd3.filesusr.com/ugd/8fe1bf_c2efbfb5f85340dd84418903231f7abf.pdf?index=true
    • http://wedasolewi.rf.gd/the_magicians_book_review.pdf
    • https://dfa52777-3edb-460f-9b14-ca5101cd4ecc.filesusr.com/ugd/5360f8_6ffb1b762a5d46d9a1aa0d21c8262c8c.pdf?index=true
    • https://4f0754e2-f0c4-47db-826b-83042027646c.filesusr.com/ugd/7a11b0_3a48dd5082644c85be2782d5d63011f2.pdf?index=true
    • https://a3e8d6b6-68ee-4625-a313-a25a09dbd39d.filesusr.com/ugd/312e12_03e1e93137314b448b6da52b67f85afc.pdf?index=true
    • https://d992f69e-bc5b-430a-92d7-abfd66d0380b.filesusr.com/ugd/6f7357_85883b69cdd84e1eaeaa48bc9ce750be.pdf?index=true
    • https://46d16763-6c5f-4e19-aa2c-3f4071fcbec2.filesusr.com/ugd/26f730_e68cded4ad29498cb5ae4abde60b947e.pdf?index=true
    • https://2b81f3f0-3f46-42ff-87a7-5865dd96cd3c.filesusr.com/ugd/fb41f9_001b16d826fc4a849cca6c442f2ee7d5.pdf?index=true
    • https://ecab545c-19d2-4654-b6ac-fb8b9749f5ba.filesusr.com/ugd/e5412a_67a79ae2e46f4649814fb13830d2f9ee.pdf?index=true
    • https://e7ee8fec-6806-4cdb-8be5-e75c31c374a0.filesusr.com/ugd/e54fc7_a85c7c6e51f64227a8d440773fed339b.pdf?index=true
    • https://b23183eb-b2e5-455e-bc25-91fac1efd10f.filesusr.com/ugd/cc14e4_f83be5cc8fe8406dbee7c7cf632f53ac.pdf?index=true
    • https://aa5f33e9-793b-4807-a257-9eac84d314d0.filesusr.com/ugd/aa57b2_f51171162e554b7da35ec7ae51df3fe3.pdf?index=true
    • https://3568c1c9-c281-4b9a-9ea9-d5d291e0176b.filesusr.com/ugd/e5d8db_b064d1f8bf914b6d8fd6d53f2b4d2363.pdf?index=true
    • http://ruwukag.epizy.com/biedermeier_zusammenfassung.pdf
    • https://128fc002-9ed4-4a8f-9a6b-83b43563a9ed.filesusr.com/ugd/6812d7_b1be7368a1634f6ea338c9b9a9a51a02.pdf?index=true
    • http://gonopezusigel.rf.gd/49621186867.pdf
    • https://43cb2d18-1589-43a7-b1c5-fe1278e1c76d.filesusr.com/ugd/370b54_abade6f18f62408da52fc5323a6fbaec.pdf?index=true
    • http://scripts.sil.org/OFL

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000102b6.bin
SHA-256: c8a2026a572568c604ee986ce1289fbc0042b451758fe54fd05c86fc13e26e09
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x102B6
Size: 5476 bytes