Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://leonvi.ru/strik?utm_term=how+many+oz+in+a+small+sonic+shake PDF link annotation

  • http://deliwubavamir.mypressonline.com/person_centred_care_definition.pdfIn PDF document text
  • http://jezoxegodugorol.22web.org/papawaluvex.pdfIn PDF document text
  • http://tomogorman.com/891759293768t0oa.pdfIn PDF document text
  • http://vashmaster.info/business_analyst_jobs_no_degreegkd0b.pdfIn PDF document text
  • http://alcexpress1.xyz/plantronics_backbeat_fit_2100_specsvy4gk.pdfIn PDF document text
  • https://powipasime.weebly.com/uploads/1/3/4/7/134725879/vopivufezavorus-melurawufasima-tozotifo.pdfIn PDF document text
  • https://visopitolunew.weebly.com/uploads/1/3/1/4/131483219/3402809.pdfIn PDF document text
  • https://fewurigog.weebly.com/uploads/1/3/0/9/130969621/8724391.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://5c2df1de-05ea-4e17-9aa3-38adc7ce3153.filesusr.com/ugd/ddd609_dd60293bc4d2490da9fffc9d84fb3047.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/157c0ecb-9935-4666-8870-4e47120b28e6/ap_music_theory_test_date_2020.pdfIn PDF document text
  • http://bidavavaxekize.epizy.com/tanedulinexapidegovep.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/6b76e2ef-6cbb-4536-b470-f6491c04768f/nizakixupikojexuwokonel.pdfIn PDF document text
  • https://3c8197b3-f999-4f29-b3da-fbdfea3dbf34.filesusr.com/ugd/0047a4_d105d8031af94e7a947c111e3dd866bf.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/7c0292a8-3c51-4d81-bf06-1cdde2ea2a71/3210284571.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/60a75fa2-0f84-46b1-b5f4-d05a207b3a91/furug.pdfIn PDF document text
  • http://fusozevukatamir.atwebpages.com/39369474249.pdfIn PDF document text
  • https://9e9203d9-9f5b-42f2-a849-05e42d741f90.filesusr.com/ugd/3527d5_cff443bfe048429c9241781abf25e9fb.pdf?index=trueIn PDF document text
  • https://b40f07b9-a98f-42b6-a6e2-5dc2c82ebb0e.filesusr.com/ugd/e949ea_678c8cec7f6944fe8275b2e2cd735011.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/d0c4457b-6a64-484d-a8fd-6934976169f4/brother_lx_3125_price.pdfIn PDF document text
  • http://sebokegekesuded.atwebpages.com/atomic_theory_test.pdfIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.