Malicious PDF — malware analysis report

Static analysis result for SHA-256 725557f5e5f5d099…

Verdict: MALICIOUS
File type: PDF
Size: 46.6 KB
Authoring application: PDFBox
MD5: 4d4a360ca8989f1622f2c35e0780c31c
SHA-1: 5ffb5e49e4abe193ba081f609892d8a91ee247c8
SHA-256: 725557f5e5f5d09947bb57acee7f38e3a80a6f0017cbbbd03f937692eed46cdc
Risk score: 232

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File
  • T1059.001 PowerShell

This PDF document exhibits characteristics of a social engineering attack, specifically a 'ClickFix' lure, by instructing the user to interact with the clipboard and execute commands. The presence of a large number of external PDF links suggests an attempt to manipulate search engine rankings or distribute further malicious content. The ML classifier and ClamAV detection strongly indicate malicious intent, likely to download and execute a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (5)

  • PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • CLAMAV_DETECTION (critical): ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • SE_CLIPBOARD_COMMAND_LURE (high): Clipboard command execution lure
    Document tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context.
  • SE_CLICKFIX (high): ClickFix social engineering attack
    Document instructs the user to press Win+R or paste a command into a terminal, consistent with ClickFix attacks that bypass macro restrictions by tricking users into running malicious commands directly.
  • EMBEDDED_URL (info): Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.bakerassociatesinc.com/uploads/1/3/0/9/130969937/pofomipotesuxelu.pdf
    • http://thesocialbride.com/uploads/1/3/0/6/130604824/dogasuzojez.pdf
    • http://mail.coffeegraceoils.com/uploads/1/3/0/5/130551021/merek-molizadasebi-bedezeriti.pdf
    • http://slayedalteregos.com/uploads/1/3/0/2/130272512/zeloxaperalave.pdf
    • http://mymaxtax.com/uploads/1/3/0/6/130604030/liwigonerojiruna.pdf
    • http://onedirectiontickets.net/uploads/1/3/0/5/130551258/walenisejomowojojog.pdf
    • http://duraclub.ca/uploads/1/3/0/4/130478831/wemedemilap.pdf
    • http://www.memecuisine.net/uploads/1/3/0/4/130483236/genitofaxopo_wabire.pdf
    • http://littledreamers.net/uploads/1/3/0/2/130287808/letuzanur.pdf
    • http://rainbowrehabtherapy.com/uploads/1/3/0/4/130490808/retox.pdf
    • http://romanpublications.com/uploads/1/3/0/5/130543369/9431127.pdf
    • http://facebookbailbonds.com/uploads/1/3/0/5/130540402/6704140.pdf
    • http://www.figurati.net/uploads/1/3/0/6/130621076/788359.pdf
    • http://spdcpa.ca/uploads/1/3/0/5/130538985/godujaka.pdf
    • http://magicklymodern.shop/uploads/1/3/0/7/130775972/1586216.pdf
    • http://chrisusey.com/uploads/1/3/0/2/130271214/luvugubat_topelixis.pdf
    • http://ntoumei.com/uploads/1/3/0/7/130739697/dubiralomutekale.pdf
    • http://apoaaxi.org/uploads/1/3/0/6/130604616/vikojaxire_rodogeb_biwuxobafarib_ruwawef.pdf
    • http://www.ewa4ewa.us/uploads/1/3/0/7/130738753/fazafen.pdf
    • http://unwindutopia.com/uploads/1/3/0/8/130874600/5efb90bdd7c0361.pdf
    • http://runnersofthenish.com/uploads/1/3/0/8/130814065/4637535.pdf
    • http://0ws5k.bpmtc.com/uploads/1/3/0/6/130639757/130639757.html#microsoft+natural+ergonomic+keyboard+4000+linux+driver
    • http://www.adobe.com/).Noto
    • http://www.google.com/get/noto/http://www.adobe.com/type/This
    • http://scripts.sil.org/OFLNoto

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Artifact 1
  Filename: font_00_sfnt_off00004188.bin
  SHA-256: 5544c304f5a0508a1661af838f81e4f83dc52b0d132898ac48f081f550cf61f3
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x4188
  Size: 4236 bytes

Artifact 2
  Filename: font_01_sfnt_off000051f7.bin
  SHA-256: ad64a1393a323e321cb3268243e9647fc37e1be1b872940c256a6e683808374d
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x51F7
  Size: 9380 bytes