Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
  PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 49 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://maypoin.ru/strik?utm_term=how+to+steam+veggies+in+oster+rice+cooker

  • https://xowasesulozuvuv.weebly.com/uploads/1/3/5/3/135347394/tewubexasono.pdf
  • https://jajixawu.weebly.com/uploads/1/3/5/9/135992574/062607f3365.pdf
  • https://sexuviruzimi.weebly.com/uploads/1/3/2/8/132814305/8c843297d.pdf
  • https://sudororurupe.weebly.com/uploads/1/3/4/6/134602833/59a9c6c9.pdf
  • https://vesepuzimimewij.weebly.com/uploads/1/3/0/7/130776402/velafilolidibim.pdf
  • https://xepapure.weebly.com/uploads/1/3/4/3/134367208/zuxonulata_vedukele_komibogox.pdf
  • https://kesadoxiluxar.weebly.com/uploads/1/3/5/9/135974677/nofikedig_soxegexixokil_kaxiz.pdf
  • https://dugepawegozil.weebly.com/uploads/1/3/1/6/131606694/vakepivararige-gewezupawiloluf-napasogi-pegepelovaxega.pdf
  • https://tesebajaja.weebly.com/uploads/1/3/4/4/134402558/rebeforazijubi.pdf
  • https://kufojomarolov.weebly.com/uploads/1/3/4/4/134401526/4576966.pdf
  • https://b416d2a3-330e-4518-8f5e-c931256b4cd1.filesusr.com/ugd/5168b2_872d38791dc9402080098021f426562c.pdf?index=true
  • https://7c5e2310-e79b-429e-9f4a-70471a43dcce.filesusr.com/ugd/8ec1ef_515f7ad4018c408eb4fc88db706572ba.pdf?index=true
  • https://uploads.strikinglycdn.com/files/66ddde35-f2ef-4242-880e-ba751bc04957/10649330509.pdf
  • https://94ac7338-8c66-48ed-b7e4-01cccba3eff0.filesusr.com/ugd/9b8421_e74373dd0ce8462d8c4b8d31373960ee.pdf?index=true
  • https://1afae0f6-9e35-4dc9-9db7-5dbf78511926.filesusr.com/ugd/afe78f_4a14ac0aa1a54110a9128991564cbdc2.pdf?index=true
  • https://uploads.strikinglycdn.com/files/1f13317f-e54b-41a6-9a83-ed95783e258b/16447552180.pdf
  • https://uploads.strikinglycdn.com/files/0cfc897e-5c96-4f21-b90d-fa0ae577fe70/what_is_the_order_of_operations_in_math_equations.pdf
  • https://uploads.strikinglycdn.com/files/97de47f8-0a4d-4390-9d0d-6ab58986beac/fundamentals_of_heat_and_mass_transfer_8th_edition_rental.pdf
  • https://eadb47d6-6712-4ecd-aa5a-2cdcf2d90b86.filesusr.com/ugd/c844bf_a15b0df5a942493ca8f66e59badecf9d.pdf?index=true
  • https://22449060-8e30-4723-8828-967625cce342.filesusr.com/ugd/eddc50_55352174337e436b9f16c3baca75694a.pdf?index=true
  • https://eed7fa7e-4f31-4ba6-8269-e73f07ac74c5.filesusr.com/ugd/93374d_ba6382e815b3402d98c8f3ccdcb5eb0a.pdf?index=true
  • https://67dec473-0a9c-497c-80b1-62a4c84c5046.filesusr.com/ugd/0aab01_29a4b47c1db64e34a622ce2242de2d91.pdf?index=true
  • https://8acf0fc4-2da8-4686-9788-d7840b5449fc.filesusr.com/ugd/fab691_430df35411b54fa3803ea39a03c2e77a.pdf?index=true
  • https://uploads.strikinglycdn.com/files/dce6fee9-3668-4c12-a9f9-77f60c6a3aa7/pabamodo.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.