Malicious PDF — malware analysis report

Static analysis result for SHA-256 14c8cced95e2c447…

MALICIOUS

PDF

Size: 70.7 KB
Created: 2021-06-10 13:48:44 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-24
MD5: db8912a7d31873563e4e3fdd64874f75
SHA-1: cc3af02b518ad22d3176595485ca38c891be51cf
SHA-256: 14c8cced95e2c4472e9b4353ea55eecd0d6a86135f1603c30f3b59d8eeb6726f
Risk Score: 184

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9662

Heuristics (5)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM)
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://coretry.ru/pbw?utm_term=glencoe+algebra+1+chapter+7+test+answer+key (PDF link annotation)
    • https://wuzinetasinozud.weebly.com/uploads/1/3/1/6/131606123/36154645d29.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4490917/normal_5fed7c2f1b86c.pdf (in PDF document text)
    • https://lusezatakobav.weebly.com/uploads/1/3/4/3/134352635/8847088.pdf (in PDF document text)
    • https://wamogipoko.weebly.com/uploads/1/3/0/7/130739383/pubekarowoz.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4386335/normal_60361dc364ef9.pdf (in PDF document text)
    • https://parafobosa.weebly.com/uploads/1/3/1/8/131857791/xubelepejotosesikigi.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://uploads.strikinglycdn.com/files/cdad8175-5364-46a5-a058-5b0a6eee869f/72802391491.pdf (in PDF document text)
    • http://betosaxugawi.pbworks.com/w/file/fetch/144629493/66208482440.pdf (in PDF document text)
    • http://jetubabup.pbworks.com/f/13259917347.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/b72f97f7-b990-49d9-8600-942881f1ec1f/gabawumeviwowub.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/e9396ad7-e06f-4b6c-af91-1fafee05b0f6/xefiduzumaleruvemamo.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/dfe687ca-0f61-4c0c-afff-9b492d2788da/77778849120.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/58e28fea-0f13-494f-a8d8-f80084a31fd9/which_type_of_space_heater_is_safest.pdf (in PDF document text)
    • http://jopamedet.pbworks.com/f/sabiweretabufuze.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/78c28108-7d58-4040-8543-e3565ea5ef8a/xotedijisibozataleweravaj.pdf (in PDF document text)
    • http://fokopaviwu.pbworks.com/f/20115299559.pdf (in PDF document text)
    • http://lomubel.pbworks.com/f/transformar_metros_quadrados_em_hectares.pdf (in PDF document text)
    • http://rorazokazog.pbworks.com/w/file/fetch/144503853/my_hero_academia_op_2_name.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/22e3f1bb-fa24-4aad-bb8f-853f504171d6/can_chocolate_keep_you_warm.pdf (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000f048.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xF048
Size: 5496 bytes
SHA-256: eab42d97dff0b8c5cf694ac8c859bcf6c7e10187892d9989c81552bd9d0627ba