Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://golowaki.ru/award?keyword=cambridge+dictionary+pdf+file+free+download PDF link annotation

  • https://fojevatiseme.weebly.com/uploads/1/3/4/4/134400043/26bd423c4303.pdfIn PDF document text
  • https://kudixofob.weebly.com/uploads/1/3/4/8/134891239/kamiwud-xatubekuxef.pdfIn PDF document text
  • https://cdn.sqhk.co/faroziwe/cQLjjhj/quarter_coin_pusher_machine_near_me.pdfIn PDF document text
  • https://cdn.sqhk.co/sufipuxifemo/oBibWha/exit_the_maze_3d_labyrinth_labirin_run_games.pdfIn PDF document text
  • https://sugelama.weebly.com/uploads/1/3/4/8/134898925/zonoxe-wafamefise-majen-terekarutaz.pdfIn PDF document text
  • https://cdn.sqhk.co/wuxegejedak/hZGjau4/ninja_turtles_legends_apk_offline.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4391317/normal_5fd1a4d1bc4bf.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4457296/normal_603c860c580e7.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4527859/normal_5fdd2e8633821.pdfIn PDF document text
  • http://finuxezanasa.mygamesonline.org/burus.pdfIn PDF document text
  • https://cdn.sqhk.co/reriwoduriju/jbjeiaT/splash_potion_of_weakness_id_bedrock.pdfIn PDF document text
  • http://jasazotinalol.mygamesonline.org/45421784081.pdfIn PDF document text
  • https://cdn.sqhk.co/zovitamojim/aiegfia/kung_fu_hustle_full_movie_english_sub.pdfIn PDF document text
  • https://dutizadip.weebly.com/uploads/1/3/4/8/134889078/3944026.pdfIn PDF document text
  • https://cdn.sqhk.co/retagigimusa/jljcunh/redbox_movies_coming_soon.pdfIn PDF document text
  • https://movamapipimopi.weebly.com/uploads/1/3/5/3/135303402/wugigezesadoje.pdfIn PDF document text
  • https://cdn.sqhk.co/dugixikisim/whbhe8j/83189254063.pdfIn PDF document text
  • https://cdn.sqhk.co/bavisimupux/YUXNhjF/dude_perfect_football_video_game.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://gojeduxodevesif.epizy.com/61523296723.pdfIn PDF document text
  • http://jeloneliva.epizy.com/latest_java_windows_7_64_bit.pdfIn PDF document text
  • http://rurebirafana.epizy.com/88232163429.pdfIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.