Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://midufefew.ru/award?keyword=fake+medical+certificate+pdf+australia PDF link annotation

  • https://kukibujez.weebly.com/uploads/1/3/1/6/131637652/1009203.pdfIn PDF document text
  • https://gifenatewa.weebly.com/uploads/1/3/4/4/134480542/mozabi_devoguxugu_ruxipalokelo.pdfIn PDF document text
  • http://watulexop.iblogger.org/tekemamit.pdfIn PDF document text
  • https://resodarapasak.weebly.com/uploads/1/3/4/6/134659305/zuwadinejurorevilexu.pdfIn PDF document text
  • https://cdn.sqhk.co/mivufarowiwi/hsjgxij/xifafovemuligilawinozab.pdfIn PDF document text
  • https://cdn.sqhk.co/tesosunimew/3gehdge/zokuxoremopanagelonawajif.pdfIn PDF document text
  • https://cdn.sqhk.co/matezafun/Tppgeji/lijemiten.pdfIn PDF document text
  • https://cdn.sqhk.co/pajubopolak/gguOwgi/wordscapes_all_levels_cheat.pdfIn PDF document text
  • http://fodadasome.iblogger.org/pictograph_and_bar_graph_worksheets.pdfIn PDF document text
  • https://cdn.sqhk.co/xorilulog/hdYmhcu/realistic_cake_artist_near_me.pdfIn PDF document text
  • http://sokuzise.iblogger.org/dikul.pdfIn PDF document text
  • https://cdn.sqhk.co/riroxale/hXnecid/gesuwunerinabizuxefozu.pdfIn PDF document text
  • https://cdn.sqhk.co/riwifesineji/uZje1if/college_student_plan_apple_music.pdfIn PDF document text
  • https://cdn.sqhk.co/torazanopuni/ejiiaif/add_widgets_to_lock_screen_iphone_ios_14.pdfIn PDF document text
  • https://dagakaxogofawi.weebly.com/uploads/1/3/4/6/134699425/nivitezofemakud_samino_parowekiva_linuxipegulitex.pdfIn PDF document text
  • https://jitebemaduk.weebly.com/uploads/1/3/4/6/134692965/9dd5a0a.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://nataxos.epizy.com/jquery_ajax_tutorial.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/7749ece7-4a95-4bf7-9c79-8c8eb75ae120/the_scarlet_pimpernel_song_lyrics.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/32ffb1b0-9739-46d5-b37c-fd07e8e0f9c9/86912732533.pdfIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.