Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• PDF link farm points to compromised-WordPress upload storage medium PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM
  PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://queure.ru/uplcv?utm_term=pokemon+platinum+feebas+cheat

  • http://chongqinghaohong.com/upload/files/zobejoraxigokaki.pdf
  • http://akinmedical.com/uploads/file/jevufowabafasoroxapunona.pdf
  • https://carrieres-pierre.com/userfiles/file/42393945686.pdf
  • http://www.ecrivains-consult.fr/easyonline/ckfinder/userfiles/files/25638239597.pdf
  • https://luyenthitoeic.info/userfiles/file/sunaruvivisefanusilenus.pdf
  • http://vipavtoufa.ru/wp-content/plugins/super-forms/uploads/php/files/959f740c0b3e7239aa53e485997bf06e/18276988293.pdf
  • http://hoadondientu-ptp.vn/images/ckeditor/files/xixinepi.pdf
  • http://hagithanh.hagigroup.work/data/media/files/65344750011.pdf
  • http://phfamilyrestaurant.com/uploads/files/risavevis.pdf
  • https://pernambucoimortal.com/imagens/files/47784480604.pdf
  • http://signfabapp.com/ckfinder/userfiles/files/bigenibiniduxedififavige.pdf
  • http://snieznik.pl/userfiles/file/96145082826.pdf
  • http://www.blackhillsdancecentre.com/wp-content/plugins/formcraft/file-upload/server/content/files/1612f3a7870747---22166448833.pdf
  • http://uleshuzatshop.hu/files/file/fumaninexukum.pdf
  • http://www.nuricomuvakfi.org/wp-content/plugins/super-forms/uploads/php/files/3rtaoth9vvd2vn69pteject2b3/99581746691.pdf
  • http://diadiemvui.com/upload/files/jijanozunol.pdf
  • https://destockbaby.com/ckfinder/userfiles/files/jarub.pdf
  • https://www.techsrollout.com/wp-content/plugins/formcraft/file-upload/server/content/files/1613c2bb727fdf---wixipugireluz.pdf
  • http://progettarecasa.com/userfiles/files/19915889993.pdf
  • http://fuku-zou.com/userfiles/file/86896927415.pdf
  • http://gojjang.com/uploads/files/18041140833.pdf
  • http://trongtinpc.com/luutru/files/runadasaxi.pdf
  • http://baggiez.net/userfiles/file/25221844657.pdf
  • https://taxforce.nl/userfiles/files/59773578916.pdf
  • http://olgapolyakova.com/files/files/zadugez.pdf
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License

Open this report in the interactive analyzer, or submit your own file for analysis.