Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://jottigo.ru/award?keyword=penatalaksanaan+asma+pdpi+pdf PDF link annotation

  • http://dejojikeresofo.iblogger.org/how_to_calculate_number_of_years_experience_in_excel.pdfIn PDF document text
  • http://tujozavido.66ghz.com/what_is_games_in_physical_education.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/57db6c34-5531-48c2-b041-bbf180a4408b/walujotesegozesito.pdfIn PDF document text
  • https://s3.amazonaws.com/lakadutof/bunny_live_stream_apk_mod.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e1819f20-1e6c-4ec6-97f4-db133116991f/90723164733.pdfIn PDF document text
  • https://s3.amazonaws.com/mejobu/lab_report_plasmolysis_about_onion_cell.pdfIn PDF document text
  • https://f89b8795-a90f-4359-81e0-6309601a98d9.filesusr.com/ugd/8e7730_c14fed419c9246c6a0bd5bb288a691a9.pdf?index=trueIn PDF document text
  • https://2c8134a4-d865-4da1-8961-c755d7242105.filesusr.com/ugd/6dcf04_b7a16334db974f948741bb08f98a94c6.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/28ca8217-03d0-4bae-9f05-b207085558e7/how_to_ignite_a_hot_water_heater.pdfIn PDF document text
  • https://s3.amazonaws.com/vebogotexaf/porcentaje_de_cesareas_en_mexico_2018.pdfIn PDF document text
  • https://89f68ddc-9f98-4e60-8afa-3e0ca6603e9e.filesusr.com/ugd/4725f1_8bf6700ad58f49d5960f5d82c8660795.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/d00b1b39-3dbd-4c0c-a5f3-f7645764cd12/don_fink_half_ironman_training_plan.pdfIn PDF document text
  • https://6997f972-013f-4c6f-ac95-4179ba17a557.filesusr.com/ugd/549e1a_94091950cc4046d8b4fcea76b800500a.pdf?index=trueIn PDF document text
  • https://s3.amazonaws.com/toliwudalamem/4097712026.pdfIn PDF document text
  • https://s3.amazonaws.com/mexijegedakol/54388757302.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d27a0865-fbdd-4b9b-b0c2-2972ca468c4f/mr._minner_the_grandparents_day_song_lyrics.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/7a731674-1774-4a9e-9f55-8f2177ebe39f/niduwiwukurujekevura.pdfIn PDF document text
  • http://javixisapuv.epizy.com/xexolulafaka.pdfIn PDF document text
  • http://tevisub.rf.gd/devils_tower_climbing_guides.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/4a3456aa-a65c-416b-ad9c-bf9a9c44eb45/lokudafigum.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.