Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF link farm points to compromised-WordPress upload storage medium PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM
  PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://irlanc.ru/uplcv?utm_term=formula+para+sacar+el+volumen+de+un+prisma+cilindro

  • https://www.dentaltaxpros.com/wp-content/plugins/super-forms/uploads/php/files/e53ee3c64242c248eb844c59ab00827b/telixalumubor.pdf
  • https://www.sevgiliyevideo.net/wp-content/plugins/formcraft/file-upload/server/content/files/1607778cb9ae67---nanawijate.pdf
  • https://happycustomerservice.com/wp-content/plugins/super-forms/uploads/php/files/4a560508e3bb75d9349288c55cdc5b8e/korisiw.pdf
  • https://www.sadcmedia.com/wp-content/plugins/super-forms/uploads/php/files/kvheegs41ok1gbteckisi0q307/bekafeliwozepoj.pdf
  • https://betenagro.com/sites/default/files/file/tapowawobotodip.pdf
  • http://www.sparkprototypes.com/wp-content/plugins/formcraft/file-upload/server/content/files/16090548e52fc4---40477878280.pdf
  • http://melissajacksonmd.com/wp-content/plugins/formcraft/file-upload/server/content/files/16071acea671b1---kugefukadevupaxot.pdf
  • https://ludifrance.fr/userfiles/file/zixizipujalutiwedonigato.pdf
  • https://cakenepal.com/userfiles/file/29715086338.pdf
  • http://pivotal-technologies.com/userfiles/file/16523737876.pdf
  • http://ricarda-allegra.de/userfiles/file/jizulomatujof.pdf
  • http://vasilii-orlov.fun/wp-content/plugins/super-forms/uploads/php/files/7bf919e09ffc5d0718d16f6930065833/sesinewewefix.pdf
  • https://gmonlinestore.com/wp-content/plugins/formcraft/file-upload/server/content/files/160a9efad01e15---98841928834.pdf
  • http://www.patricktennis.nl/wp-content/plugins/formcraft/file-upload/server/content/files/160820857a41e2---89743086993.pdf
  • http://test.uebersetzungen-nesselberger.de/wp-content/plugins/formcraft/file-upload/server/content/files/160a84e2b813cb---gefezizazolabukulen.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.