Malicious PDF — malware analysis report

Heuristics 4

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://fokemale.ru/strik?utm_term=assassin+value+list+march

  • https://raxaregos.weebly.com/uploads/1/3/4/3/134363135/2608eb2dbca775.pdf
  • https://toxujubew.weebly.com/uploads/1/3/1/4/131437446/cf97807.pdf
  • https://wedemewimobuxet.weebly.com/uploads/1/3/4/3/134309086/1c0f54b679.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/nuxulikiwab/13206137214.pdf
  • https://s3.amazonaws.com/watajive/fowixuvukeraparejo.pdf
  • https://uploads.strikinglycdn.com/files/05b9dc9d-71f0-4a65-90d4-b5717aa8a944/xetaxatukoralaj.pdf
  • https://uploads.strikinglycdn.com/files/fc8ea5cb-c077-4e77-b8a1-d1d54d0580a8/96031090966.pdf
  • https://uploads.strikinglycdn.com/files/1287e5c4-c9b6-4955-bb0b-3548face470b/poxulomatuzagowamotexa.pdf
  • https://s3.amazonaws.com/mujevubutukoxu/zutezagabepopojenoxuvom.pdf
  • https://uploads.strikinglycdn.com/files/1c18500f-8dc0-4537-915c-dbd478a0aa2a/how_to_replace_a_pull_cord_on_a_yard_machine_snowblower.pdf
  • https://uploads.strikinglycdn.com/files/904e4971-ca8c-4296-88ec-7edf02364e26/tosegavemizibebaxafux.pdf
  • https://uploads.strikinglycdn.com/files/a86a034b-8888-497e-a14a-52fe8519d277/herstein_abstract_algebra_solutions.pdf
  • https://uploads.strikinglycdn.com/files/f5a64cbd-ce6e-4cff-aec1-87102b413af9/clinical_pharmacology_made_ridiculously_simple_download.pdf
  • https://uploads.strikinglycdn.com/files/d7df9903-eeca-471d-8eed-fb5581bf20b0/which_sat_prep_course_is_the_best.pdf
  • https://s3.amazonaws.com/sogovekevi/how_do_you_set_the_time_on_a_sony_dream_machine_icf-c318.pdf
  • https://uploads.strikinglycdn.com/files/a56fa3b7-b07b-4eb0-8391-721245f12369/turimotalotipigajafusagu.pdf
  • https://uploads.strikinglycdn.com/files/50ab04a8-c3df-447e-9e8d-495b640a1f65/toyota_camry_hybrid_price_in_kerala.pdf
  • https://uploads.strikinglycdn.com/files/fb00e24f-c121-4a02-9bce-620fe3265909/19640346608.pdf
  • https://uploads.strikinglycdn.com/files/ac820729-d645-4150-a528-9491896987d7/pizawojatajuregusuj.pdf
  • https://s3.amazonaws.com/fenatagazise/adobe_baskerville_font.pdf
  • https://uploads.strikinglycdn.com/files/6ed41dda-4048-4426-95b2-56695284f2d9/are_germline_cells_haploid_or_diploid.pdf
  • https://uploads.strikinglycdn.com/files/713442a5-efab-4b64-bb65-2dc95c472a49/93436145624.pdf
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.