Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://midufefew.ru/strik?utm_term=kitchenaid+4.5+quart+tilt-head+stand+mixer+costco

  • https://pefasuvut.weebly.com/uploads/1/3/4/7/134716349/b75ff3.pdf
  • https://wepebajaka.weebly.com/uploads/1/3/4/5/134588919/ad53e27d.pdf
  • https://pusasosabuni.weebly.com/uploads/1/3/4/6/134654602/fa412.pdf
  • https://digaporabanezaf.weebly.com/uploads/1/3/4/6/134689005/bikikosez-rurax-limamu-penepojov.pdf
  • http://marojuburegorad.22web.org/god_in_the_dock_movie_summary.pdf
  • https://kusovagojevo.weebly.com/uploads/1/3/4/8/134883394/1911914.pdf
  • https://9042e326-c85f-44e6-b9b6-0c206471fdba.filesusr.com/ugd/0d2fda_58df79376cdb49a6b5974a67a7ea4f6b.pdf?index=true
  • http://lawonewemelifa.rf.gd/bengali_movie_song_site.pdf
  • https://13a7c488-548c-4b48-b567-d2b0b9a3e1de.filesusr.com/ugd/85d67f_cdd962bc6b9246b6b6f88480ae06aff3.pdf?index=true
  • http://diwuzenebixo.epizy.com/cost_of_bowflex_xtreme_2.pdf
  • http://feriwodopumumo.rf.gd/wividun.pdf
  • https://s3.amazonaws.com/tixedujegibex/calvinism_vs_arminianism_does_it_matter.pdf
  • https://6f8cb219-4830-455d-9ced-b55e65700e85.filesusr.com/ugd/fd30ac_7809e49899fe493a93b49df3c6064d50.pdf?index=true
  • https://86a6be6f-1c3f-48a2-98e5-8a654ddc1212.filesusr.com/ugd/027f51_0b357a05f3264db6846df73c97bef9c7.pdf?index=true
  • https://645c32c3-7e99-4959-b93b-7980205539d7.filesusr.com/ugd/30a31c_0b9c264267ef4d0d8282e6dc219e4bcb.pdf?index=true
  • https://05282879-aed3-4f16-ac14-d534add4d4bd.filesusr.com/ugd/0f8b7c_00be6a39e1504e78aee83516782d86ae.pdf?index=true
  • https://9d50af6f-dbf7-41ba-b854-83985329a12b.filesusr.com/ugd/33c377_bc2c32b917ed4e71803dd65bb489fc9d.pdf?index=true
  • http://gefuxexo.epizy.com/reporting_entity_definition_corporations_act_2001.pdf
  • https://cb5a1bef-7d05-4463-9361-9dceb4a497f4.filesusr.com/ugd/b13fd1_251241a9d73646c89da6c27840702d4f.pdf?index=true
  • https://s3.amazonaws.com/rizijubovapuk/dopovufopan.pdf
  • http://jugoribomepi.rf.gd/prevent_button_submit_form.pdf
  • http://sujekafejawojav.rf.gd/baybayin_brush_font.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.