Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
• PDF link to algorithmically-generated URL high PDF_RANDOM_URL_LINK
  PDF contains a clickable HTTP(S) link whose host looks algorithmically generated (pronounceable-random labels) and whose path/query carries a long high-entropy token. This is the randomized-redirector pattern of malspam phishing lures — the visible document is only a prompt — not a PDF parser vulnerability.
• Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LURE
  Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://richmondvideoservices.com/uploads/1/3/0/5/130588334/f8f1d3a57d90c72.pdf

  • http://thefirsttimes.com/uploads/1/3/0/7/130739234/tagegesamasipav_xalotemisuzafeg.pdf
  • http://tamparunningcoach.com/uploads/1/3/0/2/130289760/1874788.pdf
  • http://meganrhiannemua.com/uploads/1/3/0/4/130476514/b1b70c94ea51.pdf
  • http://www.bevilacquaguitars.com/uploads/1/3/0/7/130776066/zugodag.pdf
  • http://www.batterupchildersburg.com/uploads/1/3/0/5/130539139/nimibinidabus.pdf
  • http://mrspecialties.net/uploads/1/3/0/2/130289772/7236289.pdf
  • http://www.littleguyscopyandprint.co.nz/uploads/1/3/0/5/130550742/kajugume.pdf
  • http://votepolzin.com/uploads/1/3/0/9/130969298/detuduvorezix-kosakererorotas-ropuzebezatix-xezudumiwiwalo.pdf
  • http://thearchitectsofsound.com/uploads/1/3/0/5/130546290/2582173.pdf
  • http://thelifecompanyllc.com/uploads/1/3/0/5/130541445/281005.pdf
  • http://elliemaysgrowingupridgeback.com/uploads/1/3/0/7/130740128/xarisosuj.pdf
  • http://www.vasterfallet.se/uploads/1/3/0/8/130874408/4385194.pdf
  • http://lotuskidsyoga.net/uploads/1/3/0/7/130775827/vitime.pdf
  • http://providencemarket.net/uploads/1/3/0/5/130544539/2259238.pdf
  • http://webdisk.whiteschapelumc.com/uploads/1/3/0/2/130270938/05407392ecf1c2.pdf
  • http://prettylittlewaistline.com/uploads/1/3/0/4/130488964/7356356.pdf
  • http://team.synergymhs.org/uploads/1/3/0/4/130489572/ed2ad60f3.pdf
  • http://naualli.net/uploads/1/3/0/4/130488429/39d0f16c52.pdf
  • http://www.nevepalmer.com/uploads/1/3/0/2/130288731/d831b34bb.pdf
  • http://thairapist.com/uploads/1/3/0/4/130490461/wagelalegebur.pdf
  • http://artfulbeingfineart.com/uploads/1/3/0/6/130639157/velaxebup_kagebebedefa.pdf
  • http://biomedicalwritingandeditingbyl.com/uploads/1/3/0/6/130639463/pitelaneji.pdf
  • http://bshelart.com/uploads/1/3/0/7/130776578/c65cfd419.pdf
  • http://shopbluebridge.com/uploads/1/3/0/7/130739454/7497493.pdf
  • http://thymeouttravel.voyagerwebsites.com/uploads/1/3/0/6/130621557/130621557.html#descargar+programa+de+pdf+gratis+en+espa%C3%B1ol

Open this report in the interactive analyzer, or submit your own file for analysis.