Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• PDF link farm points to compromised-WordPress upload storage medium PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM
  PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://crewmak.ru/uplcv?utm_term=how+to+hack+brawl+stars+2021

  • https://nabijdefossa.nl/upload/files/kasatusovuxixawi.pdf
  • http://skrabl.pl/www/rpbd/fck/file/laxakaf.pdf
  • http://abwingsde.com/uploads/files/48654237967.pdf
  • https://propertiproperty.com/Uploads/userfiles/files/55368259592.pdf
  • http://cdmvt.cz/sites/default/files/66855506657.pdf
  • http://galeriejacqueselbaz.com/userfiles/file/vataxugorovotewaridefon.pdf
  • https://engineeredrepinc.com/wp-content/plugins/super-forms/uploads/php/files/92efb380f74039948f15e1968c7aaebf/83907899214.pdf
  • https://study-abroad-travel.com/ckfinder/userfiles/file/wikirizarefiwefotofalibow.pdf
  • http://mas.vacations/wp-content/plugins/formcraft/file-upload/server/content/files/160f9c329c799b---60713724361.pdf
  • https://jlgardner.org/home/jlg/public_html/ckfinder/userfiles/files/juvijodukukimi.pdf
  • https://law.com.sg/wp-content/plugins/super-forms/uploads/php/files/ae21c1cc77f1390910eb2195cf5abc4a/63668396871.pdf
  • http://russkiivopros.com/images/FCKeditor/file/89601414226.pdf
  • http://chineseclothingonline.net/File/68974618930.pdf
  • https://law.myvzl.com/wp-content/plugins/super-forms/uploads/php/files/6nuue6lvofuilie3b8t7rhji05/49569989236.pdf
  • http://www.emporiocaritaspisa.it/wordpress/wp-content/plugins/formcraft/file-upload/server/content/files/16080616a16ad7---ledokuwamexari.pdf
  • https://dmvassociates.com/wp-content/plugins/super-forms/uploads/php/files/f3b9c8d8717731063f7a044a4b7fb6f1/ditufumivewirikuvebipogo.pdf
  • http://ihvanturizm.com/rsm/files/letedoremowufezurug.pdf
  • http://probeg2000.ru/files/userfiles/files/51766588506.pdf
  • http://www.wallisandemmanuel.com/wp-content/plugins/formcraft/file-upload/server/content/files/160ac847a7da54---nobaritiwotiviguvagugubiv.pdf
  • http://kirsanov-maslo.ru/uploads/lupemilukopisuj.pdf
  • https://growlocals.com/wp-content/plugins/super-forms/uploads/php/files/9cd11286f67f9a9b093cd3c3b54d32e1/58716517124.pdf
  • http://m-camper.ru/ckfinder/userfiles/files/nogudeboxanowatanosaki.pdf
  • http://dejavu.sourceforge.net
  • http://dejavu.sourceforge.net/wiki/index.php/License

Open this report in the interactive analyzer, or submit your own file for analysis.