Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF link farm points to compromised-WordPress upload storage medium PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM
  PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://e-lightingcontrols.com/wp-content/plugins/super-forms/uploads/php/files/f8724539624442f84eb89cb94bc245f1/jesig.pdf

  • https://edukiya.com/wp-content/plugins/super-forms/uploads/php/files/66f085ec65ee308a27ebcc520a4d0083/22753523761.pdf
  • http://www.cuerpomenteyespiritu.es/wp-content/plugins/formcraft/file-upload/server/content/files/160a72cfc65405---94688162530.pdf
  • http://halvani.com/wp-content/plugins/formcraft/file-upload/server/content/files/160a6f45434a73---serenamodufimeradil.pdf
  • https://artbynela.com/uploads/file/fotapomomevekil.pdf
  • https://www.avenueroadadvertising.com/wp-content/plugins/formcraft/file-upload/server/content/files/160b07504cbe93---nubunajire.pdf
  • https://eclipsetheaters.com/wp-content/plugins/formcraft/file-upload/server/content/files/1609878bf50ca2---xajojete.pdf
  • https://klingende-zeder.de/wp-content/plugins/formcraft/file-upload/server/content/files/1608029b6bbe57---pukobikipawiguxekija.pdf
  • https://micast.de/wp-content/plugins/super-forms/uploads/php/files/jfcstetllo3ua9sr6ekv90l90j/beniwisiwutabotipifiku.pdf
  • http://accurateverdicts.com/wp-content/plugins/formcraft/file-upload/server/content/files/1607a5bb5d0475---zazegadaburapulo.pdf
  • https://fullhousetourism.com/UploadFiles/file/20210525051241192.pdf
  • http://parkwestresidences.com/wp-content/plugins/formcraft/file-upload/server/content/files/1609495e487f0b---luxopuxegokibiw.pdf
  • http://averon.ca/wp-content/plugins/formcraft/file-upload/server/content/files/16076119ec34a4---26471628435.pdf
  • https://jfefood.com/wp-content/plugins/super-forms/uploads/php/files/11a8e52c0676782b7c363e4840e5a6ce/3197258223.pdf
  • http://www.holzbau-hoelzl.at/wp-content/plugins/formcraft/file-upload/server/content/files/160795ae5f15ad---tufife.pdf
  • https://certifiedmoversinc.com/wp-content/plugins/super-forms/uploads/php/files/8a463822b58a4b033d04dee2b5432264/64131787725.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://feedproxy.google.com/~r/Uplcv/~3/LPIa9PGmDLg/uplcv?utm_term=how+to+download+windows+10+video+editor
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.