Malicious PDF — malware analysis report

Heuristics 3

• ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://feb.chekhov-tour.ru/uploads/2020/01/29/lisamowenorup.pdf In PDF document text

  • https://gajidekuw.weebly.com/uploads/1/3/0/5/130588885/6098997.pdfIn PDF document text
  • http://carlyhaecktherapy.weebly.com/uploads/1/3/0/4/130483153/xowilikuxotet_vokebonesolab_naxatokap.pdfIn PDF document text
  • http://555-jeudirouge.fr/uploads/1/3/0/5/130590716/a99db238.pdfIn PDF document text
  • http://cincoranchpoolbuilders.com/uploads/1/3/0/6/130620651/motiwa-mizofevokosemiz-guwolex.pdfIn PDF document text
  • http://james-read.com/uploads/2020/01/28/af951aa3d78ef.pdfIn PDF document text
  • http://voridul.colt-russia.ru/uploads/2020/01/29/9609030.pdfIn PDF document text
  • http://zodiac-whisperer.com/uploads/1/3/0/3/130379049/kozukogekidupin.pdfIn PDF document text
  • http://jum.support-account.net/uploads/2020/01/27/kimeresagazalezino.pdfIn PDF document text
  • http://defense-elec-corp.com/uploads/1/3/0/5/130590209/130590209.html#diferencia+entre+autista+y+aspergerIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.