Malicious PDF — malware analysis report

Static analysis result for SHA-256 2b7d3c41a62c2c0d…

Verdict: MALICIOUS
File type: PDF
Size: 76.7 KB
Authoring application: Mobipocket Creator
MD5: 51a7e2560fe4017f6efd6efe7e8f146e
SHA-1: ab5549f3a6ca3dd66c689e6f2501b5dbfdddb01f
SHA-256: 2b7d3c41a62c2c0d02e668910d5b04109d61dca654aa602fbb1197b323060329
Risk Score: 128

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file contains a large number of embedded external links, identified by the PDF_SEO_LINK_FARM heuristic. ClamAV also detected this file as Pdf.Phishing.TtraffRobotInstall, indicating a phishing or traffic-generation intent. The embedded URLs likely lead to further malicious content or phishing pages. No scripts were extracted from this sample.

Heuristics (4)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • SE_DOWNLOAD_BUTTON (low): Visual download / call-to-action button lure
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00003203.bin
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0x3203
  Size:    2652 bytes
  SHA-256: 1b3f82cd74c5b6671cc0c0d4a6c7877b74bb57ca469b2a61ef541918e41af838

Filename: font_01_sfnt_off00003f15.bin
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0x3F15
  Size:    44100 bytes
  SHA-256: 68398ad25d6ae2d5782061c34e4c79e7811746959f3c91a565b678fa1dcd66cc

Filename: font_02_sfnt_off0000c5a8.bin
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0xC5A8
  Size:    9288 bytes
  SHA-256: 8ba228cfde4a2106d501216aebec2d036464a88c4c94d895e0f933a77f3d36b4