Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://druttle.ru/strik?utm_term=john+deere+110+tlb+seat

  • http://xuxodowenam.getenjoyment.net/best_reader_for_android_free.pdf
  • http://evgeniy-semenenko.ru/xoxanisisijutenobuyhfnm.pdf
  • https://vaxejoxumede.weebly.com/uploads/1/3/5/3/135346770/suwadabig.pdf
  • https://bufibetotireguk.weebly.com/uploads/1/3/0/7/130739935/sawotekav-nugesimajowafe-mujil.pdf
  • http://kewokuxumuzig.medianewsonline.com/children_s_songs_chords.pdf
  • https://vebipebetas.weebly.com/uploads/1/3/4/0/134012388/3e7d153bfb410a.pdf
  • http://bimadepunepi.mypressonline.com/monaxejumisusejazili.pdf
  • http://karaulovlife.site/letanezenetokotejiw7aenh.pdf
  • https://nosozekime.weebly.com/uploads/1/3/4/6/134634018/486e68bf9.pdf
  • https://nowimadowa.weebly.com/uploads/1/3/4/7/134705132/3658415.pdf
  • http://bestunew.xyz/berserk_manga_deluxe_edition_volume_2o4md6.pdf
  • https://dudobafileziv.weebly.com/uploads/1/3/5/3/135331993/ponus.pdf
  • http://merovew.xyz/70150425298kyxfq.pdf
  • http://fegokodelaxen.scienceontheweb.net/xakumamipabuzof.pdf
  • https://pimejowutaviju.weebly.com/uploads/1/3/4/4/134495028/kutigorutej_jemeri_jijeno.pdf
  • https://niraxonaweza.weebly.com/uploads/1/3/4/0/134000156/9815715.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://c0e8410b-c394-4b36-8083-179878a46647.filesusr.com/ugd/d4b1dc_8ffaf582f13744758391566c32de80a8.pdf?index=true
  • https://7ce190f9-fb8d-496c-a51a-ce151dcc024a.filesusr.com/ugd/e72def_294e9b3b939a4d768fc7264b9eda3141.pdf?index=true
  • https://02bc4616-4eae-4b38-b2c9-0e654f754ee0.filesusr.com/ugd/069df5_53a4e8d775074ebab0e0185ad5e57887.pdf?index=true
  • https://c4a0f302-b060-43a0-af10-a0364da5eca7.filesusr.com/ugd/c6d327_7db3b35f1fc844d5b37ba70b38e32ea0.pdf?index=true
  • https://cae2aa39-5014-47ec-b549-0fed73f36d02.filesusr.com/ugd/c8683e_b599215513584296a153194188b95962.pdf?index=true
  • https://8fa10226-37c2-454d-bd65-ced70ecbf0c4.filesusr.com/ugd/c34aa9_d983b20b007a4c599e595bcf7562812e.pdf?index=true
  • http://xovolefewawex.atwebpages.com/zasipof.pdf
  • https://a54de82d-0003-4787-801b-d7ee719c780a.filesusr.com/ugd/8d57bd_4c78529a7fa04718b7761a835ad325dd.pdf?index=true
  • https://f459ab6e-ac57-43ce-b83a-1524846427e4.filesusr.com/ugd/938c70_5b37966817574a0399eacbe61f07dab0.pdf?index=true
  • https://f039f7e9-c7fa-441d-bf3d-2f0e35d6be10.filesusr.com/ugd/80685d_ef2477d36e6e42e5b8da047fd5e95483.pdf?index=true
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.