Malicious PDF — malware analysis report

Heuristics 3

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://theduiskeinn.com/uploads/1/3/0/6/130639766/1ee422677a.pdf

  • http://philipejike.com/uploads/1/3/0/5/130539672/c3a29.pdf
  • http://psychastar.com/uploads/1/3/0/5/130545627/fb234919d52.pdf
  • http://boujeebbeauty.com/uploads/1/3/0/5/130539934/c7efdcfe0abdc.pdf
  • http://eurovisual2015.com/uploads/1/3/0/6/130621206/gizekazilikel.pdf
  • http://drbrewer.net/uploads/1/3/0/4/130483667/0c7c86c.pdf
  • http://nadiajanssens.weebly.com/uploads/1/3/0/2/130292110/mezilemonof_teduwimuforij.pdf
  • http://northernlightscoaching.net/uploads/1/3/0/5/130543665/1967449.pdf
  • http://xile.omgnew168.com/uploads/2020/01/27/1e0e6.pdf
  • http://overlookatlindberghfinancing.com/uploads/1/3/0/3/130313262/valasikew_betegi_topomoto_wisijan.pdf
  • http://astrologyandcrystallighttherapy.com/uploads/1/3/0/5/130543168/6667805.pdf
  • http://nupelicanparty.org/uploads/1/3/0/3/130313070/130313070.html#multiplication+and+division+of+mixed+fractions+worksheets
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://fedoraproject.org/wiki/Licensing/LiberationFontLicense

Open this report in the interactive analyzer, or submit your own file for analysis.