Malicious PDF — malware analysis report

Heuristics 4

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
• Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://down-the-block.com/uploads/1/3/0/5/130551023/wakijuz.pdf

  • http://aialumassage.com/uploads/1/3/0/2/130289611/34aaed6ae.pdf
  • http://www.minimalteacher.com/uploads/1/3/0/5/130551920/c3d5430a53.pdf
  • http://my-zero-stress.com/uploads/1/3/0/6/130604162/pufisitif.pdf
  • http://enduringlovememorials.com/uploads/1/3/0/6/130621906/2750493.pdf
  • http://justgreatcareers.com/uploads/1/3/0/6/130621051/4358805.pdf
  • http://nakedroots1.com/uploads/1/3/0/5/130543369/nuwakujabapaw.pdf
  • http://maltaglasscreations.com/uploads/1/3/0/4/130477335/30c9a9f100e.pdf
  • http://artsestate.com.au/uploads/1/3/0/6/130605094/guvotuna.pdf
  • http://app5.online/uploads/1/3/0/2/130270813/lirodu.pdf
  • http://bakednbonedpdx.com/uploads/1/3/0/2/130289322/kuwozesusaxed.pdf
  • http://ihrtechservices.net/uploads/1/3/0/5/130589036/vonufamivigipeg_rujokuz_ramakoxadig.pdf
  • http://slumber.blog/uploads/1/3/0/7/130739520/fitoranogufeletutos.pdf
  • http://canopymgm.com/uploads/1/3/0/6/130604125/93e37c3610aa.pdf
  • http://www.visualjunkie.co/uploads/1/3/0/4/130436173/87cfc093.pdf
  • http://newcoursecompliance.com/uploads/1/3/0/5/130588627/4b162bccd1eae87.pdf
  • http://driedspicedapples.com/uploads/1/3/0/2/130291441/zexogowupuzi_tonerukiwakuti_kovutuwisusa.pdf
  • http://screencircus.com/uploads/1/3/0/5/130589180/bebarizapipafu-sezudugezesu-wudenuragitolog.pdf
  • http://godofsea.org/uploads/1/3/0/7/130739286/somibofodulego.pdf
  • http://taiyangchengyazhouxinyukoubeiruhe.f18.ebkf.org/uploads/1/3/0/2/130289669/nisuxagorekuw.pdf
  • http://margeauxsplace.net/uploads/1/3/0/4/130476866/polirukukow-xewuwo.pdf
  • http://battlebuilding.com/uploads/1/3/0/8/130815008/3823582.pdf
  • http://democrathollow.com/uploads/1/3/0/4/130483864/3698815.pdf
  • http://myeclecticyoga.com/uploads/1/3/0/7/130775732/timajizoxetisapolu.pdf
  • http://graysay.tech/uploads/1/3/0/6/130621865/detivit-jovitanipege.pdf
  • http://host10.carmichaelnl.com/uploads/1/3/0/3/130323506/130323506.html#wb+pay+commission+calculator
  • http://fedorahosted.org/lohit
  • https://savannah.gnu.org/projects/freefont/
  • http://www.gnu.org/licenses/
  • http://www.gnu.org/copyleft/gpl.html

Open this report in the interactive analyzer, or submit your own file for analysis.