Malicious PDF — malware analysis report

Static analysis result for SHA-256 82f9c08a3fb10698…

MALICIOUS

PDF

Size: 73.6 KB
Created: 2021-03-13 16:30:47 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-18
MD5: f71edf7ba55e71d1256423f975701d1a
SHA-1: 07e3fae1cfea9a5103b29ce95deb84a968b3a9c7
SHA-256: 82f9c08a3fb10698efc5eae53c023fb3c99256283cc0061a04d7ea7857492f62
Risk Score: 124

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.007 JavaScript

The file is a PDF document flagged by a machine learning classifier and a ClamAV phishing signature. It contains numerous embedded URLs, most of them pointing to further .pdf files on free or disposable hosting and public object storage (s3.amazonaws.com buckets), spread thinly across many distinct hosts, a pattern consistent with an SEO link-farm phishing or malware distribution scheme rather than with a document that cites sources. The document body contains keywords related to technical specifications (medical equipment, calculator and handbook titles) that serve as a search-engine lure. None of the listed heuristics surfaced embedded JavaScript or an exploit in the PDF itself; the risk lies in the linked destinations.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9410

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://vilenefex.ru/award?keyword=medical+equipment+technical+specification+pdf (PDF link annotation)
    • http://suzamajotibe.mywebcommunity.org/texas_instruments_ti-30x_iis_standard_deviation.pdf (in PDF document text)
    • http://pozuvixa.getenjoyment.net/fenexas.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4405654/normal_60176bf6c12ac.pdf (in PDF document text)
    • http://zobotalemogi.sportsontheweb.net/what_does_cutting_apple_mean_in_a_dream.pdf (in PDF document text)
    • http://jovefupe.mywebcommunity.org/ue_megaboom_pairing_two_speakers.pdf (in PDF document text)
    • http://marifivelaj.mygamesonline.org/ashrae_fundamentals_handbook_2013_free.pdf (in PDF document text)
    • http://gupirigugorixuf.sportsontheweb.net/68775819725.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4484636/normal_5fe2520d84b1e.pdf (in PDF document text)
    • http://dusamoka.mywebcommunity.org/medical_dictionary_english_to_tamil_download.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4471690/normal_5fc8c4d5cf916.pdf (in PDF document text)
    • http://tokexal.medianewsonline.com/18910941351.pdf (in PDF document text)
    • http://ganedoxumizaj.sportsontheweb.net/vivofit_jr_2_spider_man_red_band.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4486521/normal_5fd13a1439a9c.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4456135/normal_6037470a27c04.pdf (in PDF document text)
    • http://www.ascendercorp.com/ (in PDF document text)
    • http://www.ascendercorp.com/typedesigners.html (in PDF document text)
    • https://989244f3-426d-4557-b4f1-0018dac9047c.filesusr.com/ugd/57c819_fa4c01c4ceda494da07b6d7b917d4612.pdf?index=true (in PDF document text)
    • http://geforagegi.atwebpages.com/37614365539.pdf (in PDF document text)
    • https://eda93683-a6ca-45e9-8056-ca7adea7f1dc.filesusr.com/ugd/d655db_225c0d63889a49a9ae834e4a58de3d74.pdf?index=true (in PDF document text)
    • https://s3.amazonaws.com/gedexim/nalufi.pdf (in PDF document text)
    • https://s3.amazonaws.com/jedadokuti/object_oriented_analysis_and_design_multiple_choice_questions_and_answers.pdf (in PDF document text)
    • https://s3.amazonaws.com/kaxukok/hosanna_hillsong_guitar_sheet_music.pdf (in PDF document text)
    • https://411be8f8-4ba1-40b5-9edf-cc4a2c3d5ecc.filesusr.com/ugd/a86d68_7519ea6ac20b4ae9aa057892e72d5f14.pdf?index=true (in PDF document text)
    • http://vekamodadon.onlinewebshop.net/89213613074.pdf (in PDF document text)
    • https://d497f082-4895-42de-a72c-038d9367c8a3.filesusr.com/ugd/8e727b_ed7c13c2c68643839995f8ffb482987a.pdf?index=true (in PDF document text)
    • http://xekabotiwuker.atwebpages.com/torafalov.pdf (in PDF document text)
    • https://s3.amazonaws.com/nuselufuzo/nusadegebevipej.pdf (in PDF document text)
    • http://scripts.sil.org/OFL (in PDF document text)
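The link-farm heuristic described above, run over the URL list the report extracted, as an added Python example (not the analysis platform's own code): it measures how thinly the links are spread across hosts, how many sit on free or disposable hosting, and whether a search-term-carrying redirector is present, then returns the verdict the heuristic describes. The URLs and their channel labels are transcribed from the report; the free-host suffix list, the query keys treated as SEO markers (utm_term, keyword) and the thresholds in link_farm_profile() are assumptions for illustration.

```python
"""Link-farm triage over the URLs the report lists above.

Added example, not the analysis platform's code. URLs and channel labels are
transcribed from the report; FREE_HOST_SUFFIXES, SEO_QUERY_KEYS and the
thresholds in link_farm_profile() are assumptions for illustration.
"""
from collections import Counter
from urllib.parse import parse_qs, urlsplit

REPORT_URLS = [  # (url, channel that reached it), as labelled in the report
    ("https://vilenefex.ru/award?keyword=medical+equipment+technical+specification+pdf", "link annotation"),
    ("http://suzamajotibe.mywebcommunity.org/texas_instruments_ti-30x_iis_standard_deviation.pdf", "document text"),
    ("http://pozuvixa.getenjoyment.net/fenexas.pdf", "document text"),
    ("https://cdn-cms.f-static.net/uploads/4405654/normal_60176bf6c12ac.pdf", "document text"),
    ("http://zobotalemogi.sportsontheweb.net/what_does_cutting_apple_mean_in_a_dream.pdf", "document text"),
    ("http://jovefupe.mywebcommunity.org/ue_megaboom_pairing_two_speakers.pdf", "document text"),
    ("http://marifivelaj.mygamesonline.org/ashrae_fundamentals_handbook_2013_free.pdf", "document text"),
    ("http://gupirigugorixuf.sportsontheweb.net/68775819725.pdf", "document text"),
    ("https://static.s123-cdn-static.com/uploads/4484636/normal_5fe2520d84b1e.pdf", "document text"),
    ("http://dusamoka.mywebcommunity.org/medical_dictionary_english_to_tamil_download.pdf", "document text"),
    ("https://static.s123-cdn-static.com/uploads/4471690/normal_5fc8c4d5cf916.pdf", "document text"),
    ("http://tokexal.medianewsonline.com/18910941351.pdf", "document text"),
    ("http://ganedoxumizaj.sportsontheweb.net/vivofit_jr_2_spider_man_red_band.pdf", "document text"),
    ("https://cdn-cms.f-static.net/uploads/4486521/normal_5fd13a1439a9c.pdf", "document text"),
    ("https://cdn-cms.f-static.net/uploads/4456135/normal_6037470a27c04.pdf", "document text"),
    ("http://www.ascendercorp.com/", "document text"),
    ("http://www.ascendercorp.com/typedesigners.html", "document text"),
    ("https://989244f3-426d-4557-b4f1-0018dac9047c.filesusr.com/ugd/57c819_fa4c01c4ceda494da07b6d7b917d4612.pdf?index=true", "document text"),
    ("http://geforagegi.atwebpages.com/37614365539.pdf", "document text"),
    ("https://eda93683-a6ca-45e9-8056-ca7adea7f1dc.filesusr.com/ugd/d655db_225c0d63889a49a9ae834e4a58de3d74.pdf?index=true", "document text"),
    ("https://s3.amazonaws.com/gedexim/nalufi.pdf", "document text"),
    ("https://s3.amazonaws.com/jedadokuti/object_oriented_analysis_and_design_multiple_choice_questions_and_answers.pdf", "document text"),
    ("https://s3.amazonaws.com/kaxukok/hosanna_hillsong_guitar_sheet_music.pdf", "document text"),
    ("https://411be8f8-4ba1-40b5-9edf-cc4a2c3d5ecc.filesusr.com/ugd/a86d68_7519ea6ac20b4ae9aa057892e72d5f14.pdf?index=true", "document text"),
    ("http://vekamodadon.onlinewebshop.net/89213613074.pdf", "document text"),
    ("https://d497f082-4895-42de-a72c-038d9367c8a3.filesusr.com/ugd/8e727b_ed7c13c2c68643839995f8ffb482987a.pdf?index=true", "document text"),
    ("http://xekabotiwuker.atwebpages.com/torafalov.pdf", "document text"),
    ("https://s3.amazonaws.com/nuselufuzo/nusadegebevipej.pdf", "document text"),
    ("http://scripts.sil.org/OFL", "document text"),
]

# Assumed: suffixes of free-subdomain web hosts, site-builder upload CDNs and
# public object storage that this PDF family parks its payload links on.
FREE_HOST_SUFFIXES = (
    "mywebcommunity.org", "getenjoyment.net", "sportsontheweb.net",
    "mygamesonline.org", "medianewsonline.com", "atwebpages.com",
    "onlinewebshop.net", "filesusr.com", "f-static.net",
    "s123-cdn-static.com", "s3.amazonaws.com",
)
# Assumed: query keys that mark a search-term-carrying SEO redirector.
SEO_QUERY_KEYS = ("utm_term", "keyword")


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def is_free_host(host):
    return any(host == s or host.endswith("." + s) for s in FREE_HOST_SUFFIXES)


def is_seo_redirector(url):
    return any(k in parse_qs(urlsplit(url).query) for k in SEO_QUERY_KEYS)


def points_to_pdf(url):
    return urlsplit(url).path.lower().endswith(".pdf")


def link_farm_profile(urls, min_links=10, max_dominance=0.5, min_free_share=0.5):
    # Flag when there are enough links, no host holds more than max_dominance
    # of them, and either most links sit on free hosting or a search-term
    # redirector is present (the heuristic's "and/or" clause).
    if not urls:
        raise ValueError("no URLs to profile")
    n = len(urls)
    hosts = Counter(host_of(u) for u, _ in urls)
    top_host, top_count = hosts.most_common(1)[0]
    free_links = sum(is_free_host(host_of(u)) for u, _ in urls)
    profile = {
        "urls": n,
        "distinct_hosts": len(hosts),
        "dominant_host": top_host,
        "dominance": top_count / n,
        "pdf_links": sum(points_to_pdf(u) for u, _ in urls),
        "free_host_links": free_links,
        "seo_redirectors": [u for u, _ in urls if is_seo_redirector(u)],
        "annotation_urls": [u for u, ch in urls if ch == "link annotation"],
    }
    profile["flagged"] = (
        n >= min_links
        and profile["dominance"] <= max_dominance
        and (free_links / n >= min_free_share or bool(profile["seo_redirectors"]))
    )
    return profile


if __name__ == "__main__":
    for key, value in link_farm_profile(REPORT_URLS).items():
        print(f"{key}: {value}")
```

Over the report's 29 URLs the profile comes out as 22 distinct hosts, a dominant host (s3.amazonaws.com) holding only 4 links, 25 links on free hosting, 25 links to further .pdf files, and a single keyword-bearing link, which is the thin-spread pattern the heuristic keys on. The one link annotation is the URL a reader actually clicks; the document-text URLs only become live if a viewer auto-links them, so a pipeline feeding this function should keep the channel label that the report records per URL.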

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off0000f48e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF48E | 5432 bytes
  SHA-256: 7c58fb0dcdc498e4dc9491ce86cc4f858763187f2fc7c81bdaee4b7f619873df
font_01_sfnt_off000106ee.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x106EE | 10568 bytes
  SHA-256: 6c8aa6d51c1aa23adbb985f6f6b53264e2992d1b2e76052c0dd43551046888b6