Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://crophysi.ru/strik?utm_term=hunger+games+mockingjay+part+1+end+credits+song PDF link annotation

  • http://iciko.xyz/kowosoretuvosawipljax9.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4412592/normal_606712ef2e7c2.pdfIn PDF document text
  • http://leomannapov.com/948420636450ndwh.pdfIn PDF document text
  • http://m-ryanaf.site/1994_honda_accord_engine_swapb8vjd.pdfIn PDF document text
  • http://hermidkovo.info/sevewiziripuzotoxozafx10.pdfIn PDF document text
  • http://medicalpracticementor.com/sezolezitudi8t1cv.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4410415/normal_605abbe9427b1.pdfIn PDF document text
  • http://poopo.ru/army_height_and_weight_standardswtn7m.pdfIn PDF document text
  • http://potozafit.medianewsonline.com/pidutenanu.pdfIn PDF document text
  • http://about-central.com/75313527200lulb7.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4469638/normal_5fe2bc087b45b.pdfIn PDF document text
  • http://fuxutigox.mypressonline.com/vivapanegazotaxugubagaxu.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4381752/normal_5ffb75d534872.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4374859/normal_6016b6cbab734.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://59bb578d-b312-442a-858b-1a1a54b18a6c.filesusr.com/ugd/c79b1c_c90cd978554f40fe8d8bb83d9985f9a7.pdf?index=trueIn PDF document text
  • https://b2fc43c4-60ab-4dc1-a1c8-84833fda4e2a.filesusr.com/ugd/37321e_03c7923843ae48c289ccafa56e8a0162.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/704e33cb-638d-4768-be1c-9ad93f79c89a/31628256039.pdfIn PDF document text
  • https://edefa294-c65c-46c5-840b-8a4669b9fdfe.filesusr.com/ugd/e4a001_03691b0cfae14608a3e39fce455c61b5.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/fb3f308c-11f9-43c9-81f8-2e07d6ffef69/wavox.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5117c158-578f-4b38-80bd-481867a3174c/79820268661.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/5788ef3a-3292-48a1-8cf3-587f4df528bd/soundarya_lahari_slokas_tamil.pdfIn PDF document text
  • https://59548cc9-d6a6-4b2e-bd73-2bfb7290c7b5.filesusr.com/ugd/3fd21f_5e218db14c4d4dfcb264cd7a77287871.pdf?index=trueIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.