Malicious PDF — malware analysis report

Static analysis result for SHA-256 2c8b59ed6543ef14…

Verdict: MALICIOUS
File type: PDF
Size: 67.0 KB
Created: 2021-04-15 19:22:33 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-11-23
MD5: 33d46e7777be1dafcc921674a3696e52
SHA-1: 437240d508456bb8db39875795118782b227a4fa
SHA-256: 2c8b59ed6543ef149a82ea48114b927a944cfc8c53f86416760975f60ae48662
Risk Score: 124

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF file contains heuristics indicating it is a link farm on disposable hosting, designed to redirect users to external URLs. One such URL, 'https://jumiwimov.ru/strik?utm_term=intermatic+outdoor+light+timer+instructions', is presented as instructions for a light timer, likely a social engineering lure. The ML classifier and ClamAV detection strongly suggest malicious intent, classifying it as a phishing trojan.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7893

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM)
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs (channel in parentheses):
    • https://jumiwimov.ru/strik?utm_term=intermatic+outdoor+light+timer+instructions (PDF link annotation)
    • http://reggis.info/gufefibudedemadixhh0un.pdf (in PDF document text)
    • http://tibujodokerijer.22web.org/zunazimopadevamof.pdf (in PDF document text)
    • http://xavelodezazil.iblogger.org/axiforma_regular_free.pdf (in PDF document text)
    • http://trysol.xyz/dogagaretimof38g7n.pdf (in PDF document text)
    • http://wukixijolori.iblogger.org/regasifogel.pdf (in PDF document text)
    • http://lnstagramoriginal.com/gizalaketigagovv4r1a.pdf (in PDF document text)
    • https://cdn.sqhk.co/lifupowaseli/g0BhhaI/kabazasivefiwan.pdf (in PDF document text)
    • https://cdn.sqhk.co/kafevinuva/jgggdic/defender_24_hour_segment_timer_manual.pdf (in PDF document text)
    • http://italiahot.fun/67739696939j1a15.pdf (in PDF document text)
    • http://igonlinesupport.com/gas_constant_r_for_air_englishqni6x.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://s3.amazonaws.com/zetubakuz/kazurenivip.pdf (in PDF document text)
    • https://s3.amazonaws.com/waxapoz/54800428657.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/c21012af-2890-412a-86ea-93314b35aeb1/8149189566.pdf (in PDF document text)
    • http://zatejufeg.rf.gd/31530228391.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/9787bcd4-94a2-4398-a7ae-4755fd357b82/thrustmaster_hotas_xbox_one_x.pdf (in PDF document text)
    • https://s3.amazonaws.com/rezugekolaba/present_continuous_passive_exercises_with_answers.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/9ac7e5a1-f53b-427b-92d1-5ad47ea54e6c/74584577571.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/43594923-7710-4c63-a610-6c188528e771/asp.net_mvc_core_attribute_routing.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/8fe696b5-222a-4a56-a49a-65f517f1ab84/ridgid_miter_saw_10_inch.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/83b985e8-f267-42e9-be19-1e9de3f55426/27568400415.pdf (in PDF document text)
    • https://s3.amazonaws.com/jefazaxal/fifty_shades_of_grey_boxed_set.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/8bbc49e1-bb87-4635-8f19-c5d98294bdff/jvc_smart_tv_apps_not_working.pdf (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000f1ab.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xF1AB
Size: 5288 bytes
SHA-256: 209e23695c9702a82b05706f38e40e362ce7165775c66b17332f96fb05d1c4ab