Malicious PDF — malware analysis report

Heuristics 4

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://yafferge.ru/award?keyword=oxford+english+to+bangla+dictionary+pdf+download

  • http://lorakuze.sportsontheweb.net/jesutiwutameziwev.pdf
  • http://wikowezenitezo.medianewsonline.com/bipolar_junction_transistor_biasing.pdf
  • http://fuzirirofo.iblogger.org/how_to_connect_polk_sound_bar.pdf
  • http://ductsunlimitedins.com/88153282184c5jmu.pdf
  • http://gubuxuk.scienceontheweb.net/xalariwarekumoropitelatam.pdf
  • http://groby-ritual.online/28787013114agkse.pdf
  • https://cdn.sqhk.co/sovebiba/3T5gfii/bavoriva.pdf
  • http://pedumerik.sportsontheweb.net/xexajemomule.pdf
  • http://kadaxejob.mypressonline.com/flir_one_android_usb-c_thermal_imaging_camera_for_android.pdf
  • http://dimopun.mywebcommunity.org/third_grade_spelling_words.pdf
  • http://milktree.store/hcf-2_transmission_fluid_napaqwvem.pdf
  • http://kakolamilasaru.medianewsonline.com/what_is_the_timeline_of_the_world.pdf
  • https://cdn.sqhk.co/doxurozupu/gehbe1x/ginawepusotafu.pdf
  • http://somenem.iblogger.org/61905986070.pdf
  • https://cdn.sqhk.co/bifoligi/36MgfdD/69206859426.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://uploads.strikinglycdn.com/files/eb80bb7f-e6a8-4f53-92f0-11c99c9914ff/over_the_rainbow_violin_sheet_music_grade_3.pdf
  • https://uploads.strikinglycdn.com/files/587d5e92-d04e-4988-88c1-20101de66b41/wine_enthusiast_wine_refrigerator_repair.pdf
  • http://mexesumofiruvaf.rf.gd/nixijurizabekaxefakala.pdf
  • https://uploads.strikinglycdn.com/files/68cef777-2d0b-435c-bc05-d106e56c1019/fesovoni.pdf
  • http://tubujaj.epizy.com/voseg.pdf
  • http://fawikinego.myartsonline.com/pilot_aptitude_test_maths.pdf
  • https://uploads.strikinglycdn.com/files/6975e005-e239-48a9-92f6-6dc88454ff21/2014_jeep_patriot_owners_manual.pdf
  • https://uploads.strikinglycdn.com/files/3ce13d44-1245-47fd-be1f-c04a1a194e86/zinapafew.pdf
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.