Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
  PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 40 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://yafferge.ru/award?keyword=thyristor+tutorial+pdf

  • https://cdn.sqhk.co/nudofarus/dkWienL/sssniperwolf_age_fortnite.pdf
  • https://cdn.sqhk.co/tosijoxopum/jrZlijv/drum_set_electronic_sale.pdf
  • https://cdn.sqhk.co/jivizedu/jbX5hcH/37080934901.pdf
  • https://cdn.sqhk.co/gatezoru/bJbgjjf/58185022523.pdf
  • https://s3.amazonaws.com/lomogas/lelofijevim.pdf
  • https://1a6defe7-92a0-4357-8a70-d3bce85d30c9.filesusr.com/ugd/385065_e076d6d863994f6db124fb367bc973da.pdf?index=true
  • http://ruredat.rf.gd/fukisamirawuwugudojami.pdf
  • https://937a8a2d-b41a-4163-aff8-eda6db263557.filesusr.com/ugd/21e6f2_de4c6e16a63e42609db9ff26c2d7fdb7.pdf?index=true
  • https://s3.amazonaws.com/vavejijitatofu/73113992194.pdf
  • https://520c840f-7702-4e28-87de-278da5b03b63.filesusr.com/ugd/e633b3_f951b2e5096a44429e7077c8aa44d95f.pdf?index=true
  • https://s3.amazonaws.com/tojabixefova/57540840439.pdf
  • https://d0a6b1b1-1773-4622-8b5e-0ab5990a7ed3.filesusr.com/ugd/b90ba1_5f3259fd15664d54b949413272aaa4f7.pdf?index=true
  • https://a29d81ee-e589-4368-99bd-4e0be04eb4c0.filesusr.com/ugd/a89e6e_c906fe3018d84ada8ef66b066c247aaf.pdf?index=true
  • https://2c549fd3-bbcc-4e43-aea5-84609313cfd4.filesusr.com/ugd/c162b3_ee31a239d60646568f0f7f85b9c42f81.pdf?index=true
  • https://229c3593-bb94-4e5d-9b9f-ca3747df48ef.filesusr.com/ugd/145364_f6a895bf1e494f87803865349faff944.pdf?index=true
  • https://s3.amazonaws.com/supefujoxopubu/derecho_romano_marta_morineau_precio.pdf
  • https://s3.amazonaws.com/juduk/os_blackberry_10_autoloader.pdf
  • https://a161ff94-1a6f-4367-b6f8-8e513a5e676d.filesusr.com/ugd/4c7633_a3874ccae87a43fd8cd3ad15254170c5.pdf?index=true
  • https://3f9320ff-391d-49df-b192-c557e211a93c.filesusr.com/ugd/469aea_4b16c670e7b542e394f8654e42511e67.pdf?index=true
  • https://2061f665-9309-41a6-981d-137229ee7e60.filesusr.com/ugd/eb2fe6_252b5a11f94a430caaeb7a586a362378.pdf?index=true
  • https://2c0370cf-43ec-4dc9-8589-ec1e7793a70d.filesusr.com/ugd/404058_e1f919502c74445d839754ff81392df1.pdf?index=true
  • https://cfc603e6-7cd4-4c42-812b-9722deb80ae4.filesusr.com/ugd/0e9fc2_f5349fa22d6544b49ee9cb2337fbe4cd.pdf?index=true
  • https://badbb018-ab4e-499b-b788-960949b82e3d.filesusr.com/ugd/4f4c56_d313d68d64df401bbe6674d5f3f5a203.pdf?index

Open this report in the interactive analyzer, or submit your own file for analysis.