Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Image-heavy PDF with invisible link to suspicious domain high PDF_SUSPICIOUS_LINK_LURE
  PDF is a small image-heavy lure with invisible link annotations that send the user to a suspicious high-risk-domain URI. This matches credential-phishing carriers where the visible document is only a prompt and the real collection flow happens on the linked website.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://yafferge.ru/strik?utm_term=cambridge+igcse+biology+book+online

  • http://copyrightshelpscenters.com/gandii_baat_season_2_anveshi_jaing5ag8.pdf
  • http://firstflirts.site/why_is_child_led_learning_importantsrfy5.pdf
  • http://alex-chekalev.com/zubenikimotavoxovezeke6wh89.pdf
  • http://logvoz.ru/noriwi2jjyx.pdf
  • http://ericksandoval.com/total_gym_1100_exercisesi8lik.pdf
  • http://securityofusersdevicesonline.site/aqa_gcse_biology_book_answersygzyt.pdf
  • http://emirofficialzm.com/bezanamenomoruezxc3.pdf
  • http://5-euro.info/the_ecology_of_human_developmentndhxc.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://s3.amazonaws.com/liwafo/ejercicios_resueltos_de_estadstica_moda_mediana_y_media.pdf
  • http://fobagiludo.rf.gd/emotional_intelligence_and_leadership.pdf
  • https://c0a42e0f-4cce-4e1b-84a6-2a5440198d67.filesusr.com/ugd/440b6d_29e8de9d181c4cd7a2af13e4dd21c443.pdf?index=true
  • https://s3.amazonaws.com/tojazudibumogab/fipozu.pdf
  • https://c9254e9e-0e71-498a-8384-ab4c929b52b4.filesusr.com/ugd/0699ff_365f49bb224e43ec9422d49d79b5651f.pdf?index=true
  • https://uploads.strikinglycdn.com/files/d2f8a88b-aed7-43ee-a987-7731c6c21a87/hayward_ecostar_sp3400vspvr.pdf
  • https://s3.amazonaws.com/widuxade/germes_anarobies.pdf
  • https://d5e9a058-cbdc-4968-ba72-30cdbf1e36a3.filesusr.com/ugd/9cfd0a_487de696dbb243a3a6e59543c920fc02.pdf?index=true
  • http://bubejukajogimis.epizy.com/mevavijinafatopetubepej.pdf
  • https://4cf6c2b4-cd84-4b73-83b1-bf7f441162b2.filesusr.com/ugd/e50c99_4ca9e11720824f91b41aed8a8c0e4d84.pdf?index=true
  • https://uploads.strikinglycdn.com/files/4be1f8da-9787-4638-8642-4713a0a51aa6/sunale.pdf
  • https://s3.amazonaws.com/daxemo/moonlight_sonata_3rd_movement_sheet_music_piano.pdf
  • https://uploads.strikinglycdn.com/files/33fd5d37-6da8-4fb2-baf5-6f22bbb8dad7/how_to_find_base_of_trapezoidal_prism.pdf
  • https://s3.amazonaws.com/jotizifime/wuwisororup.pdf
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.