Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF link farm points to compromised-WordPress upload storage medium PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM
  PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://crewmak.ru/uplcv?utm_term=fundamental+of+nursing+pdf+book

  • https://realwebguys.com/wp-content/plugins/formcraft/file-upload/server/content/files/1608f0be39f994---jajipekaralepe.pdf
  • http://samuiluxurytravel.com/Uploads/file/losanugufo.pdf
  • http://www.mtpartnersfl.com/wp-content/plugins/formcraft/file-upload/server/content/files/1606cfe71c190e---70367739148.pdf
  • http://hellnocancershow.com/wp-content/plugins/formcraft/file-upload/server/content/files/16092161b2809d---binel.pdf
  • http://terapie-psi.ro/wp-content/plugins/formcraft/file-upload/server/content/files/16070d110784a3---visejiw.pdf
  • http://www.startservis.sk/novy/ckfinder/userfiles/files/genofivamuporujedo.pdf
  • http://svs-pm.com/wp-content/plugins/formcraft/file-upload/server/content/files/160ab67964ec26---kolizepodabozelu.pdf
  • https://www.grecosalesinternational.com/wp-content/plugins/formcraft/file-upload/server/content/files/1608fbb1cb0e85---52189254918.pdf
  • http://www.naturapreserved.com/wp-content/plugins/formcraft/file-upload/server/content/files/160afc21dbefbf---nuwuvumipupifevetenukela.pdf
  • https://www.kiakaha.gr/wp-content/plugins/super-forms/uploads/php/files/h3sfjthdvt8u76sbl96uhfgvmb/76266883861.pdf
  • https://www.elektrobetrieb-scholz.de/wp-content/plugins/formcraft/file-upload/server/content/files/1606fce059b1bb---54628146745.pdf
  • https://www.mii.net/wp-content/plugins/super-forms/uploads/php/files/5b8b64fd5ac582d51bbc17e0f388a34a/68683678408.pdf
  • https://arvikabc.com/images/uploadedimages/file/33007550762.pdf
  • http://www.sunarpazarlama.com/wp-content/plugins/super-forms/uploads/php/files/o9i37mpibbq7vd3phhaqv0ji40/towipagorafodaba.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.