Malicious PDF — malware analysis report

Static analysis result for SHA-256 39573337faf8a3b4…

Verdict: MALICIOUS
File type: PDF

Size: 49.5 KB
Created: 2021-04-23 10:05:13 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-16
MD5: 5102914e823f7657124b25623bb80f2c
SHA-1: 9d639bbe85a05b8e018f7e604ee4fbb78fd7fdee
SHA-256: 39573337faf8a3b4b3ef6e2dc913f6587a6be3a059faee40d3460b36bd4093b1
Risk Score: 182

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF file was flagged as malicious by multiple heuristics, including a critical alert for linking to known malicious redirector infrastructure. Embedded links such as 'https://yafferge.ru/strik?utm_term=star+trek+discovery+season+3+episode+release+schedule' are designed to lure users into visiting potentially harmful sites; the risk lies in the linked destinations, not in the PDF parser. The document body is mostly opaque, but it carries a wkhtmltopdf producer string and a creation date, which indicates the file was generated programmatically (HTML rendered to PDF) to carry these links.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7384

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://yafferge.ru/strik?utm_term=star+trek+discovery+season+3+episode+release+schedule [In PDF document text]
    • https://cdn-cms.f-static.net/uploads/4490720/normal_606041f431c2a.pdf [In PDF document text]
    • https://gizivesokopupa.weebly.com/uploads/1/3/2/6/132696604/99bd375e20c.pdf [In PDF document text]
    • https://static.s123-cdn-static.com/uploads/4419225/normal_5fff78b5d9d78.pdf [In PDF document text]
    • http://iceteas.space/uscis_forms_i-_130a2g8yx.pdf [In PDF document text]
    • https://sonikegusu.weebly.com/uploads/1/3/3/9/133997348/janirawowupefar-navoraniwufe-lirazoxugonu-wasawuta.pdf [In PDF document text]
    • https://litusavetedi.weebly.com/uploads/1/3/4/4/134445261/4290918.pdf [In PDF document text]
    • https://zezonusadife.weebly.com/uploads/1/3/1/4/131410479/menitunefegir.pdf [In PDF document text]
    • http://ing-cliente.com/tascam_dr_100_mkiii_revieweulx1.pdf [In PDF document text]
    • http://mozabufapimil.epizy.com/art_history_podcasts_2020.pdf [In PDF document text]
    • https://uploads.strikinglycdn.com/files/0f5fc1a8-83be-456c-a56e-d15608ffc953/nys_dmv_school_bus_road_test.pdf [In PDF document text]
    • https://746420f6-3007-491b-ba72-fd43be5094e5.filesusr.com/ugd/277b62_fab5a59eb00741eb8c05a9213ef8e5e7.pdf?index=true [In PDF document text]
    • https://uploads.strikinglycdn.com/files/72187e53-63fc-4b4e-b44c-36bfcd443049/how_do_i_change_the_color_on_my_p_touch_label_maker.pdf [In PDF document text]
    • https://6998e30b-c911-4113-ab34-4c15204891c7.filesusr.com/ugd/429b25_4dd0e69e5201415d8693e3981f8ce694.pdf?index=true [In PDF document text]
    • https://fa202315-5cd5-4006-9a99-7c5d4406650e.filesusr.com/ugd/61804c_3ed82eabc8ed4c82b8388e88407f71e8.pdf?index=true [In PDF document text]
    • https://uploads.strikinglycdn.com/files/8d24b87e-cea1-4f5e-af36-2399231cb466/beats_by_dr_dre_solo_hd_cable.pdf [In PDF document text]
    • https://8772a198-af03-49ef-8724-5feb7546cb8a.filesusr.com/ugd/436f04_e01150be24c14c8980c40699f80537fb.pdf?index=true [In PDF document text]
    • http://lobivovakebala.epizy.com/toyota_corolla_2009_engine_oil.pdf [In PDF document text]
    • https://uploads.strikinglycdn.com/files/f7a46684-6c43-4562-9ca0-3b303c01d47e/godaddy_wordpress_hosting_free_ssl.pdf [In PDF document text]
    • http://joxisuzu.rf.gd/bab_iv_akreditasi_puskesmas.pdf [In PDF document text]
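As an added example (not code from this report or from the scanner that produced it), the following Python re-implements the PDF_SEO_DISPOSABLE_LINK_FARM heuristic described above and runs it over the 20 URLs listed in the EMBEDDED_URL section. It also includes a small extractor for the "In PDF document text" channel that inflates FlateDecode streams and pulls http(s) URLs out of them; since the real sample is not reproduced here, the extractor is exercised on a constructed PDF skeleton. The size threshold, the minimum link count, the host-dominance ratio and the list of free/disposable hosting suffixes are all assumptions chosen for illustration, not the scanner's actual values.

```python
import re
import zlib
from collections import Counter
from urllib.parse import parse_qs, urlparse

# The 20 URLs listed in this report's EMBEDDED_URL section.
REPORT_URLS = [
    "https://yafferge.ru/strik?utm_term=star+trek+discovery+season+3+episode+release+schedule",
    "https://cdn-cms.f-static.net/uploads/4490720/normal_606041f431c2a.pdf",
    "https://gizivesokopupa.weebly.com/uploads/1/3/2/6/132696604/99bd375e20c.pdf",
    "https://static.s123-cdn-static.com/uploads/4419225/normal_5fff78b5d9d78.pdf",
    "http://iceteas.space/uscis_forms_i-_130a2g8yx.pdf",
    "https://sonikegusu.weebly.com/uploads/1/3/3/9/133997348/janirawowupefar-navoraniwufe-lirazoxugonu-wasawuta.pdf",
    "https://litusavetedi.weebly.com/uploads/1/3/4/4/134445261/4290918.pdf",
    "https://zezonusadife.weebly.com/uploads/1/3/1/4/131410479/menitunefegir.pdf",
    "http://ing-cliente.com/tascam_dr_100_mkiii_revieweulx1.pdf",
    "http://mozabufapimil.epizy.com/art_history_podcasts_2020.pdf",
    "https://uploads.strikinglycdn.com/files/0f5fc1a8-83be-456c-a56e-d15608ffc953/nys_dmv_school_bus_road_test.pdf",
    "https://746420f6-3007-491b-ba72-fd43be5094e5.filesusr.com/ugd/277b62_fab5a59eb00741eb8c05a9213ef8e5e7.pdf?index=true",
    "https://uploads.strikinglycdn.com/files/72187e53-63fc-4b4e-b44c-36bfcd443049/how_do_i_change_the_color_on_my_p_touch_label_maker.pdf",
    "https://6998e30b-c911-4113-ab34-4c15204891c7.filesusr.com/ugd/429b25_4dd0e69e5201415d8693e3981f8ce694.pdf?index=true",
    "https://fa202315-5cd5-4006-9a99-7c5d4406650e.filesusr.com/ugd/61804c_3ed82eabc8ed4c82b8388e88407f71e8.pdf?index=true",
    "https://uploads.strikinglycdn.com/files/8d24b87e-cea1-4f5e-af36-2399231cb466/beats_by_dr_dre_solo_hd_cable.pdf",
    "https://8772a198-af03-49ef-8724-5feb7546cb8a.filesusr.com/ugd/436f04_e01150be24c14c8980c40699f80537fb.pdf?index=true",
    "http://lobivovakebala.epizy.com/toyota_corolla_2009_engine_oil.pdf",
    "https://uploads.strikinglycdn.com/files/f7a46684-6c43-4562-9ca0-3b303c01d47e/godaddy_wordpress_hosting_free_ssl.pdf",
    "http://joxisuzu.rf.gd/bab_iv_akreditasi_puskesmas.pdf",
]

# ASSUMPTION: an illustrative list of free/disposable content hosts; the scanner's own list is not known here.
DISPOSABLE_HOST_SUFFIXES = ("weebly.com", "epizy.com", "rf.gd", "filesusr.com",
                            "strikinglycdn.com", "s123-cdn-static.com", "f-static.net")

URL_RE = re.compile(rb"https?://[^\s<>()\"']+")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def extract_urls(pdf_bytes: bytes) -> list[str]:
    """Collect http(s) URLs from the raw file and from every stream that inflates
    cleanly as zlib/Flate data (the 'document text' channel). Other filters
    (LZW, ASCIIHex, encrypted streams) are out of scope for this example."""
    found = {m.group(0) for m in URL_RE.finditer(pdf_bytes)}
    for m in STREAM_RE.finditer(pdf_bytes):
        try:
            found.update(x.group(0) for x in URL_RE.finditer(zlib.decompress(m.group(1))))
        except zlib.error:
            continue  # not Flate-encoded, or corrupt: skip this stream
    return sorted(u.decode("latin-1") for u in found)


def on_disposable_host(host: str) -> bool:
    """Suffix match on whole labels so 'notweebly.com' does not match 'weebly.com'."""
    return any(host == s or host.endswith("." + s) for s in DISPOSABLE_HOST_SUFFIXES)


def assess_link_farm(urls, size_bytes, max_size=100_000, min_pdf_links=10, dominance=0.5):
    """Evaluate the report's conditions: small file, many external .pdf links spread
    across hosts with no single dominant host, corroborated by a utm_term SEO
    redirector and/or links on disposable hosting. Thresholds are ASSUMPTIONS."""
    parsed = [urlparse(u) for u in urls]
    hosts = Counter(p.hostname or "" for p in parsed)
    pdf_links = [u for u, p in zip(urls, parsed) if p.path.lower().endswith(".pdf")]
    seo_redirectors = [u for u, p in zip(urls, parsed) if "utm_term" in parse_qs(p.query)]
    disposable = [u for u, p in zip(urls, parsed) if on_disposable_host(p.hostname or "")]
    top_share = max(hosts.values()) / len(urls) if urls else 0.0
    flagged = (size_bytes <= max_size and len(pdf_links) >= min_pdf_links
               and top_share < dominance and bool(seo_redirectors or disposable))
    return {"urls": len(urls), "distinct_hosts": len(hosts), "top_host_share": top_share,
            "pdf_links": len(pdf_links), "seo_redirectors": len(seo_redirectors),
            "disposable_hosted": len(disposable), "flagged": flagged}


def build_sample_pdf() -> bytes:
    """CONSTRUCTED stand-in for the real sample (not reproduced here): one /URI link
    annotation plus a FlateDecode content stream that carries two more URLs."""
    content = zlib.compress(b"BT (https://example.invalid/a.pdf) Tj ET\n(http://farm.invalid/b.pdf)")
    return (b"%PDF-1.4\n1 0 obj<</Type/Annot/Subtype/Link/A<</S/URI/URI(https://example.invalid/c)>>>>endobj\n"
            b"2 0 obj<</Length " + str(len(content)).encode() + b"/Filter/FlateDecode>>stream\n"
            + content + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(extract_urls(build_sample_pdf()))
    # 49.5 KB is the size stated in this report's metadata.
    for key, value in assess_link_farm(REPORT_URLS, size_bytes=int(49.5 * 1024)).items():
        print(f"{key:>18}: {value}")
```

On the report's URL list the signals come out as 20 URLs across 17 distinct hosts (the busiest host, uploads.strikinglycdn.com, holds only 4 of them), 19 of which point at .pdf files, one carries a utm_term redirector query, and 17 sit on the assumed disposable-hosting suffixes, so the verdict is flagged. A normal document that cites a dozen PDFs on one publisher's domain has a dominant host and no redirector, and is not flagged; that dominance check is what separates citation patterns from link farms.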