Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://mezovuduw.ru/award?keyword=canon+eos+7d+user+manual+pdf

  • http://converstarget.ru/ligaes_nanda_nic_noc_download6hw2z.pdf
  • https://wibujiwegawej.weebly.com/uploads/1/3/4/8/134899761/xinobozuxiradozog.pdf
  • https://cdn.sqhk.co/bitajububida/ijbiagf/tutorial_edit_lightroom_cc_ala_selebgram.pdf
  • http://vienvozvrat.site/468396930309h8hn.pdf
  • https://cdn.sqhk.co/verexoleki/iipxiao/wapenele.pdf
  • https://kesozelakix.weebly.com/uploads/1/3/5/3/135300748/lizipaf.pdf
  • http://posadukik.getenjoyment.net/10681371782.pdf
  • https://zopojezumaze.weebly.com/uploads/1/3/1/6/131637354/medaz.pdf
  • http://suvolupijiro.mygamesonline.org/candide_voltaire_franais.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://72a23b54-95c1-47c0-80d6-f7b1310faeb8.filesusr.com/ugd/65b209_0fcd42441dd14c70ba06b1d520b709c1.pdf?index=true
  • https://uploads.strikinglycdn.com/files/a4a95a17-d883-409c-aa96-40cef8d6c7e1/dutexuma.pdf
  • https://ec560393-4650-4708-bf0c-d08fceb8458c.filesusr.com/ugd/ca69db_c25b8d61a6d64eb6bc6cd364f7e87f44.pdf?index=true
  • https://0ac950e2-707a-4e47-8bf4-daface0ea9db.filesusr.com/ugd/356f11_59a06f87e374476d92f80497623872da.pdf?index=true
  • https://df1882fa-13c5-42f1-8438-577935b594b9.filesusr.com/ugd/91932b_84ee85bcbeef4dec9cf86f31a06a2544.pdf?index=true
  • http://kofaxafogi.myartsonline.com/english_grammar_rules_free_download.pdf
  • http://vawanumezal.onlinewebshop.net/library_classification_and_cataloguing.pdf
  • https://uploads.strikinglycdn.com/files/47e9b968-29c1-4de6-a5fe-606bb4ae34a3/wasorokuni.pdf
  • https://uploads.strikinglycdn.com/files/13324fb0-d3c9-496b-8379-90a7ad62eba1/nodobajefoxiladatinut.pdf
  • https://uploads.strikinglycdn.com/files/a7c6cef5-44c2-4614-ab25-8c06879933d2/how_to_use_a_mr_coffee_grinder.pdf
  • https://uploads.strikinglycdn.com/files/91e5be23-870c-4053-95ee-a76b9829383f/why_my_battery_is_draining_too_fast.pdf
  • http://jabodegodonirad.atwebpages.com/dirt_devil_power_max_xl_walmart.pdf
  • https://168d2a81-f750-40c6-a653-3787650f980d.filesusr.com/ugd/3bcfef_c195ebbe239045db821edc085c7f192e.pdf?index=true
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.