Malicious PDF — malware analysis report

Heuristics 3

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://percorsidarte.com/uploads/1/3/0/2/130291441/5362587.pdf

  • http://buckbucklestein.com/uploads/1/3/0/6/130639273/8898195.pdf
  • http://worldofcoffee-dublin.com/uploads/1/3/0/6/130604949/ea7444.pdf
  • http://crimsonshadowpack.com/uploads/1/3/0/6/130621392/gofunoxovulaba.pdf
  • http://juneaudining.com/uploads/1/3/0/7/130775897/8354ae464a75791.pdf
  • http://friend-vibes.com/uploads/1/3/0/2/130289748/tavefebukiwi_vatikasipeg_pubuzajugulabe_sogatisenoru.pdf
  • http://discoverhomestores.com/uploads/1/3/0/6/130621163/valiwir_gonebufiduwipir_febirasole.pdf
  • http://northwestfineartstudio.com/uploads/1/3/0/3/130323835/e04f6b33add.pdf
  • http://stdesignmatters.com/uploads/1/3/0/7/130740166/6735614.pdf
  • http://mjyoga.net/uploads/1/3/0/4/130476427/waxevegezinuxa_nawujab_bedox_mufupe.pdf
  • http://matterportservices.com/uploads/1/3/0/4/130435509/9ef5995ca.pdf
  • http://dancinggoatsanctuary.com/uploads/1/3/0/7/130739980/130739980.html#can+i+convert+pdf+to+word+in+adobe+reader

Open this report in the interactive analyzer, or submit your own file for analysis.