Malicious PDF — malware analysis report

Static analysis result for SHA-256 5b53edba54a5710b…

Verdict: MALICIOUS
File type: PDF

Size: 65.2 KB
Created: 2021-03-13 22:18:56 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-06-17
MD5: 20cea7e6301ca69af06660436fc5ba3c
SHA-1: fa4d0cdf6805a98c6b4d1334a38c54b6353adf6b
SHA-256: 5b53edba54a5710be12a394af9732285c8a9c8f7620aab3174d5d6da78a964a5
Risk Score: 124

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The sample is a PDF document that contains multiple embedded URLs, one of which is specifically identified as a malicious external URI. The PDF_SEO_DISPOSABLE_LINK_FARM heuristic indicates a pattern of disposable hosting used for link farms, which points to a phishing or spamming operation. Both the ML classifier and the ClamAV signature indicate malicious intent; the likely purpose is to redirect users to a compromised or malicious site.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8603

Heuristics (4)

  • CLAMAV_DETECTION (severity: critical): ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • PDF_SEO_DISPOSABLE_LINK_FARM (severity: medium): Small PDF is a non-clustered link farm on disposable hosting
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
  • PDF_URI (severity: info): External URI
    PDF contains an external URL action.
  • EMBEDDED_URL (severity: info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://dugedepap.ru/award?keyword=administration+of+drugs+via+enteral+feeding+tubes+pdf [PDF link annotation]
    • https://cdn.sqhk.co/zoluxoni/ziaifgd/xexizosabesixamukebeded.pdf [in PDF document text]
    • https://cdn.sqhk.co/zibomevuguli/Q9Tijz6/93711308750.pdf [in PDF document text]
    • http://golden-charm.ru/philosophy_the_power_of_ideas_9th_editionvqr27.pdf [in PDF document text]
    • https://luwibizikowar.weebly.com/uploads/1/3/4/4/134483868/7499062.pdf [in PDF document text]
    • https://vofoxefak.weebly.com/uploads/1/3/4/6/134645633/8408247.pdf [in PDF document text]
    • https://cdn.sqhk.co/dugelabomaw/Mhb7vLZ/7138937370.pdf [in PDF document text]
    • https://cdn.sqhk.co/bomunerafoju/Cgd0QmQ/latest_android_software_update_2019.pdf [in PDF document text]
    • https://cdn.sqhk.co/tujujelo/jgjdjgb/beep_codes_of_computer.pdf [in PDF document text]
    • http://usesucre.pro/maxtor_onetouch_4_mini_software_downloadp61gv.pdf [in PDF document text]
    • https://sibanomo.weebly.com/uploads/1/3/0/9/130969588/c4091.pdf [in PDF document text]
    • http://www.ascendercorp.com/ [in PDF document text]
    • http://www.ascendercorp.com/typedesigners.html [in PDF document text]
    • https://uploads.strikinglycdn.com/files/c7eafab4-c8e4-4845-8057-cf8016d7480d/7020918663.pdf [in PDF document text]
    • https://uploads.strikinglycdn.com/files/21521738-938d-451c-ad0e-be3f9656bcc8/roxunizexeki.pdf [in PDF document text]
    • https://uploads.strikinglycdn.com/files/2da0b4cc-299c-4908-a33a-5a7c563b149e/88965410530.pdf [in PDF document text]
    • https://uploads.strikinglycdn.com/files/9d6c1471-5151-4440-aeda-396b99c127ba/a_midsummer_nights_dream_modern_text.pdf [in PDF document text]
    • http://maxeses.rf.gd/jemanavuwewizusowilubobe.pdf [in PDF document text]
    • https://uploads.strikinglycdn.com/files/8e7fd5a2-4f2e-4d32-be91-ad70aaf0dfe3/koxafigetuzibi.pdf [in PDF document text]
    • https://uploads.strikinglycdn.com/files/4569434c-a5ab-491d-9889-25edb5633002/cm_a_pulgadas_formula.pdf [in PDF document text]
    • https://uploads.strikinglycdn.com/files/a46d690b-e17b-4070-93b6-11cce5758369/is_there_going_to_be_another_percy_jackson_series.pdf [in PDF document text]
    • http://vifowas.epizy.com/18768127294.pdf [in PDF document text]
    • http://scripts.sil.org/OFL [in PDF document text]

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000e17c.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xE17C
Size: 5548 bytes
SHA-256: 62005497626f34cf1db33951973eba64c270fa3b64c9ffdf991b57487ce0f204