Malicious PDF — malware analysis report

Heuristics 3

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://northwalestreeservices.com/uploads/1/3/0/3/130313228/7722373.pdf

  • http://104450345337014885.com/uploads/1/3/0/2/130291040/zifit.pdf
  • http://anti-agingbyrjxjelly.com/uploads/1/3/0/3/130323602/xireraditasoxob.pdf
  • http://rivereasttravel.com/uploads/1/3/0/5/130540284/89e130a5caa2442.pdf
  • http://cprstars.org/uploads/1/3/0/6/130620142/6939058.pdf
  • http://uristlaboratory.ru/uploads/2020/01/29/gupifopowuxuvipisew.pdf
  • http://smithscateringholbrook.com/uploads/1/3/0/7/130775879/2344174.pdf
  • http://wastedtalentdesign.com/uploads/1/3/0/2/130271108/vekoru.pdf
  • http://carzonerepairandbody.com/uploads/1/3/0/4/130483242/wumiwo-fobololubazola-dinexunoduwibit.pdf
  • http://naramataplayschool.com/uploads/1/3/0/2/130270864/lifufazebofe-sakorefozudu-vizidijirefoj-wubuxagelifud.pdf
  • http://thecajunladies.com/uploads/1/3/0/6/130604161/rulowivaguxot_vajet_jitagedogadila_mebara.pdf
  • http://mscbmx.com/uploads/1/3/0/6/130639440/5116238.pdf
  • http://cyclebavaria.com/uploads/1/3/0/4/130476565/130476565.html#non+blanching+rash+guidelines
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License

Open this report in the interactive analyzer, or submit your own file for analysis.