Malicious PDF — malware analysis report

Static analysis result for SHA-256 5faf8a1f5215ef9a…

MALICIOUS

PDF

Size: 56.6 KB
Created: 2021-04-06 08:30:42 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: a1ee008ddd21e1e53f44d978c7c2cac0
SHA-1: 3506153a0f03c6ae5ef6db3c93e126901470f988
SHA-256: 5faf8a1f5215ef9a0e005ee523ac491043dce0011827b93e69b4666f45012469
Risk Score: 124

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains numerous embedded URLs, with one specifically pointing to 'kuzutuzo.ru/strik'. Heuristics indicate this PDF is a link farm on disposable hosting, suggesting a phishing or malware distribution attempt. The ML classifier and ClamAV detection further support its malicious nature. No scripts were extracted, but the document's structure and URL usage are indicative of a phishing lure.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.7127

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Small PDF is a non-clustered link farm on disposable hosting (severity: medium; rule: PDF_SEO_DISPOSABLE_LINK_FARM)
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (severity: info; rule: PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (severity: info; rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs (channel in parentheses):
    • https://kuzutuzo.ru/strik?utm_term=kohler+a112.18.1m+aerator (PDF link annotation)
    • http://muxoman.mygamesonline.org/75495170957.pdf (in PDF document text)
    • http://suwadebizon.mywebcommunity.org/86779314617.pdf (in PDF document text)
    • http://euroshopme.site/iit_jee_main_topper_20161nmpe.pdf (in PDF document text)
    • http://songkfrk.site/galvanized_iron_sheetjr5ku.pdf (in PDF document text)
    • http://kawlites.online/what_are_descriptive_words_that_start_with_ed09nw.pdf (in PDF document text)
    • http://pakekoramiduwin.getenjoyment.net/shakta_agamas.pdf (in PDF document text)
    • http://vajukadezazi.getenjoyment.net/download_novel_assassins_creed_renaissance_bahasa_indonesia.pdf (in PDF document text)
    • http://youralteragoods.com/what_are_the_four_theories_of_aggressionrfe97.pdf (in PDF document text)
    • http://piwofoterif.sportsontheweb.net/tifikubolewamatilovoberi.pdf (in PDF document text)
    • http://cetakchantek.com/19684027647xhze1.pdf (in PDF document text)
    • http://furipurisebete.onlinewebshop.net/47763440222.pdf (in PDF document text)
    • https://s3.amazonaws.com/xukanomarexumu/collating_excel_sheets.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/75f7f12a-2d04-4704-a6da-14c9fc3b2a98/tadivoxutekixasalizew.pdf (in PDF document text)
    • https://s3.amazonaws.com/fazujo/business_invitation_card_templates_free.pdf (in PDF document text)
    • http://gixarewujedel.atwebpages.com/arabya_rajani_story_in_bengali.pdf (in PDF document text)
    • http://rixuroruwe.myartsonline.com/60005226202.pdf (in PDF document text)
    • https://s3.amazonaws.com/wovitiku/moxokobogekelufe.pdf (in PDF document text)
    • https://uploads.strikinglycdn.com/files/9ee4aa9f-cb6e-446d-81fb-be52d31ceea3/manual_resistance_training_definition.pdf (in PDF document text)
    • https://s3.amazonaws.com/dazifozixawus/3d_movie_trailers.pdf (in PDF document text)
    • https://da5bec28-7969-4117-8ffb-5069fce5e80c.filesusr.com/ugd/31593d_39586283464e435bbdbfb67f43ce2375.pdf?index=true (in PDF document text)
    • https://6d706a39-1f93-4f1a-9423-caccf7e65e71.filesusr.com/ugd/69f91f_2a97ab6fab2d4baa973df8daf4b9b58c.pdf?index=true (in PDF document text)
    • https://uploads.strikinglycdn.com/files/722b6aa6-db86-4e61-a431-edf61dd623d7/51315125622.pdf (in PDF document text)
    • https://ede8a7a3-2377-4e09-926a-401222b31c25.filesusr.com/ugd/81c89d_a6e7399a7086496ab7e267dd040fd47a.pdf?index=true (in PDF document text)
    • https://eac5c218-d238-408c-98a6-8ff0ecbb25fc.filesusr.com/ugd/b1277d_1128ef90262442be9d0a24290a32cf91.pdf?index=true (in PDF document text)