Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://kuzutuzo.ru/strik?utm_term=aristotle+nicomachean+ethics+happiness+summary PDF link annotation

  • https://static.s123-cdn-static.com/uploads/4381740/normal_5ff8d417c6423.pdfIn PDF document text
  • http://linavaluviriv.getenjoyment.net/99257494210.pdfIn PDF document text
  • https://cdn.sqhk.co/mulepava/igrLaBD/92609974320.pdfIn PDF document text
  • https://cdn.sqhk.co/dofexoxev/iciaSge/64215206143.pdfIn PDF document text
  • http://dawexefif.getenjoyment.net/burkert_solenoid_valve.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4419225/normal_5fff790e71f3e.pdfIn PDF document text
  • https://cdn.sqhk.co/vugomupuzisa/aCieict/electricity_bill_check_gujarat_pgvcl.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4489245/normal_6038570f52232.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/c40cba17-d5c9-4f18-92d6-9483f4b6c6c6/52890691229.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/1932871d-c651-4405-ba36-ff726847c754/29308191849.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/617d40be-20e4-4d83-a0a2-1cefde7a2f3e/where_is_the_model_number_on_a_ruud_furnace.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/300cd0c8-21ff-40d8-9438-c8ede40a13a3/kitchenaid_superba_fridge_ice_maker_removal.pdfIn PDF document text
  • http://xanedemu.onlinewebshop.net/lejifef.pdfIn PDF document text
  • http://sazurufupamaxa.myartsonline.com/apparel_production_terms_and_processes.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/7b162d09-b8fb-4a50-9234-46a7f1d592dc/5429686546.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/214e7a47-f90e-47e8-8dfc-3358c89431d9/what_are_all_the_different_types_of_drums.pdfIn PDF document text
  • https://6f1239e7-da96-47bf-8adb-22d47a96a9da.filesusr.com/ugd/bb5a15_9d6217d6e55c4156b2acaf21c32cc729.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/39c2aa59-89fd-4fb6-86b3-9c1bcc5973b4/asus_z97a_bios_boot.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/09366e61-3b12-4b6f-a8b5-9e052ba4ba5e/tintin_comics_in_hindi.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/891b3c03-e211-4e3f-9279-ee270c30f2ed/lajitozegexodekisemaku.pdfIn PDF document text
  • https://e216d865-ddc7-438b-99b2-64609380b1bb.filesusr.com/ugd/7ae8b3_efda1b69e11b48fb90d5fb86f3b68a74.pdf?index=trueIn PDF document text
  • https://7ffdda70-5d62-4f0e-9eb1-843e96ef3fab.filesusr.com/ugd/8c5bc8_51a8729f55b04ff5a06bbdb37f3b1103.pdf?index=trueIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.