Malicious PDF — malware analysis report

Static analysis result for SHA-256 7faf7cd5d8078949…

Verdict: MALICIOUS
File type: PDF
Size: 107.4 KB
Created: 2021-05-07 09:09:59 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 60fe1712c3ff906c3b616e16c54ef8b3
SHA-1: 42bcdf3e325e47a241aacbe7d50a5d8d03bd568d
SHA-256: 7faf7cd5d8078949dde39a773111668a8deda08f5cd22e61a269b5e09a4198e2
Risk Score: 124

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment; T1204.001 Malicious Link

ClamAV detects the sample as a phishing trojan and the Nyx PDF classifier scores it as malicious. The heuristics show external URI actions whose targets are random-slug PDF files parked in the upload directories of WordPress form plugins (Super Forms, FormCraft) on many unrelated hosts, the pattern of an SEO-distributed "free document/template" phishing lure. The document itself carries no exploit; the risk is that its links route the reader into redirect or payload chains (further PDFs or executables) hosted on the compromised sites. Not every extracted URL is a lure target: the scripts.sil.org/OFL and ascendercorp.com entries are consistent with the license and vendor strings found in embedded font metadata, and two sfnt fonts were carved from the file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8159

Heuristics (4)

  • ClamAV detection critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • PDF link farm points to compromised-WordPress upload storage medium PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM
    PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://alutat.com/data/file/31853527768.pdf
    • https://apparel.allianceflooring.net/wp-content/plugins/super-forms/uploads/php/files/42807c2dc41c04647fc9c122bb4e449f/malegivugutafigasarugazi.pdf
    • https://www.cdscabling.co.uk/wp-content/plugins/formcraft/file-upload/server/content/files/16086f92629540---jabubutugeledugiguwupu.pdf
    • http://argra.rs/wp-content/plugins/formcraft/file-upload/server/content/files/1608438ec79d9b---senikabuwezojapafuzodasal.pdf
    • http://www.aportecnica.com/imagenes/editor/file/50579209513.pdf
    • https://glowskincare.net/wp-content/plugins/super-forms/uploads/php/files/e99b57eff3bd579f45683337e86e1dd7/pinobesupiteg.pdf
    • http://c2mag.com/wp-content/plugins/formcraft/file-upload/server/content/files/160817eec80b1a---77042892017.pdf
    • https://www.sacda.org/wp-content/plugins/super-forms/uploads/php/files/b7mal3gf4ak1v98l7ol8ofisp4/gosarigagawonuniti.pdf
    • https://braviengenharia.com.br/wp-content/plugins/super-forms/uploads/php/files/olftmpv9iij1rrhhi7vppteeps/dedokewu.pdf
    • https://www.hintonassociates.com/wp-content/plugins/super-forms/uploads/php/files/3bb1571b74f858af8eb2112a76f8a9a6/42922578075.pdf
    • https://sellerflows.com/wp-content/plugins/super-forms/uploads/php/files/e36897897c4ee997a39855db6a118e5a/25758607661.pdf
    • https://www.eoluk.com/wp-content/plugins/super-forms/uploads/php/files/luh02pc2tf13qiecfkrb1oojtn/wipagixuxanizopiga.pdf
    • https://www.3dreamchurch.com/wp-content/plugins/super-forms/uploads/php/files/fea6231ac48a078cf925bf5731024398/87000529058.pdf
    • http://adabaskimerkezi.com/upload/file/guwekubeni.pdf
    • http://www.phonefixcomo.com/wp-content/plugins/formcraft/file-upload/server/content/files/1608ec99230f71---tekegegetevawuxotupufa.pdf
    • https://www.asahinadigital.com/wp-content/plugins/super-forms/uploads/php/files/12kqkvf2g13uofkfn0av51gv4r/94477710232.pdf
    • https://adiwirawanbali.com/wp-content/plugins/super-forms/uploads/php/files/cd18543d29d82c7d7a77fd5bb261fc01/71336122835.pdf
    • https://aslimitada.com/userfiles/file/wiwewixusuwamutixipe.pdf
    • https://thesaddlebank.com/wp-content/plugins/super-forms/uploads/php/files/ja04uos13e0likpdsa8dh9p5qa/zorivupuminenetavozi.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://feedproxy.google.com/~r/Uplcv/~3/3CAf4wW3hvY/uplcv?utm_term=flask+render_template+utf-+8
    • http://scripts.sil.org/OFL
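As an added illustration of the PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM heuristic above (this script is not part of the report or of the analysis engine that produced it), the following Python pulls /URI actions out of an uncompressed PDF with a regex, matches each path against the Super Forms and FormCraft upload-directory layouts seen in the URL list, and flags the file when enough matching links are spread across distinct hosts. The sample PDF bytes, the .test hostnames, the plugin labels, the thresholds and the function names are all constructed for this example. A production scanner would inflate FlateDecode streams and unpack object streams before scanning; this regex pass only sees object text that is stored in the clear.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a minimal, uncompressed PDF with five /Link annotations.
# Hostnames use the reserved .test TLD; the paths copy the layout of the
# Super Forms and FormCraft upload directories seen in the report's URL list.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R 5 0 R 6 0 R 7 0 R 8 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720] /A << /S /URI /URI (https://shop-a.test/wp-content/plugins/super-forms/uploads/php/files/42807c2dc41c04647fc9c122bb4e449f/lure1.pdf) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [72 670 300 690] /A << /S /URI /URI (http://blog-b.test/wp-content/plugins/formcraft/file-upload/server/content/files/16086f92629540---lure2.pdf) >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /Rect [72 640 300 660] /A << /S /URI /URI (https://www.site-c.test/wp-content/plugins/super-forms/uploads/php/files/b7mal3gf4ak1v98l7ol8ofisp4/lure3.pdf) >> >> endobj
7 0 obj << /Type /Annot /Subtype /Link /Rect [72 610 300 630] /A << /S /URI /URI (http://scripts.sil.org/OFL) >> >> endobj
8 0 obj << /Type /Annot /Subtype /Link /Rect [72 580 300 600] /A << /S /URI /URI <687474703a2f2f62656e69676e2e746573742f> >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# /URI followed by either a literal string (...) or a hex string <...>.
# Literal strings may contain backslash-escaped characters, so the
# alternation accepts a "\x" pair or any byte that is not a backslash or ')'.
_URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)", re.DOTALL)

# Path layouts of the two vulnerable form plugins named in the heuristic.
# The labels are hypothetical; the directory structure matches the report's URLs.
CMS_UPLOAD_PATTERNS = (
    ("super-forms", re.compile(
        r"^/wp-content/plugins/super-forms/uploads/php/files/[0-9a-z]{16,}/[^/]+\.pdf$", re.I)),
    ("formcraft", re.compile(
        r"^/wp-content/plugins/formcraft/file-upload/server/content/files/[0-9a-f]+---[^/]+\.pdf$", re.I)),
)


def _unescape_literal(raw: bytes) -> bytes:
    """Undo the backslash escapes of a PDF literal string.
    Enough for URLs; octal escapes and line continuations are not handled."""
    out = bytearray()
    i = 0
    while i < len(raw):
        if raw[i:i + 1] == b"\\" and i + 1 < len(raw):
            out += raw[i + 1:i + 2]
            i += 2
        else:
            out += raw[i:i + 1]
            i += 1
    return bytes(out)


def extract_uris(pdf_bytes: bytes) -> list:
    """Return every /URI target found in plain (non-compressed) object text."""
    uris = []
    for m in _URI_RE.finditer(pdf_bytes):
        literal, hexstr = m.group(1), m.group(2)
        if literal is not None:
            raw = _unescape_literal(literal)
        else:
            digits = re.sub(rb"\s+", b"", hexstr)
            if len(digits) % 2:  # an odd-length hex string is padded with a trailing 0
                digits += b"0"
            raw = bytes.fromhex(digits.decode("ascii"))
        uris.append(raw.decode("latin-1"))
    return uris


def classify_upload_link(url: str):
    """Return the plugin label when the URL path sits in a vulnerable plugin's
    upload directory, else None."""
    path = urlparse(url).path
    for label, pattern in CMS_UPLOAD_PATTERNS:
        if pattern.match(path):
            return label
    return None


def assess(pdf_bytes: bytes, min_links: int = 3, min_hosts: int = 3) -> dict:
    """Apply the link-farm heuristic: enough CMS-upload links across enough
    distinct hosts. The thresholds are assumptions chosen for this example."""
    uris = extract_uris(pdf_bytes)
    hits = [(u, classify_upload_link(u)) for u in uris]
    hits = [(u, label) for u, label in hits if label]
    hosts = sorted({urlparse(u).hostname for u, _ in hits if urlparse(u).hostname})
    return {
        "uris": uris,
        "cms_upload_links": hits,
        "distinct_hosts": hosts,
        "flagged": len(hits) >= min_links and len(hosts) >= min_hosts,
    }


if __name__ == "__main__":
    result = assess(SAMPLE_PDF)
    for url in result["uris"]:
        print(classify_upload_link(url) or "-", url)
    print("hosts:", result["distinct_hosts"], "flagged:", result["flagged"])
```

The host count matters more than the link count: a legitimate document that links repeatedly to one site's upload folder should not trip the rule, while a lure that spreads its links over many unrelated compromised hosts, as the report's URL list does, should. Benign URLs such as the OFL license link carried in font metadata are extracted but never counted, which mirrors the report's note that an extracted URL is not by itself a detection.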

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off0000fb89.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xFB89
    Size: 53768 bytes
    SHA-256: 4970a3764f4b8389db4a4726db42a29ca8e8eacb2763c60e625a2c48b25298b0
  • font_01_sfnt_off00019d9e.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x19D9E
    Size: 5464 bytes
    SHA-256: bc5326d4cfbfca122265438750ed69f3ffb1d92a8911e4d7699a19d3721aaa77