Malicious PDF — malware analysis report

Heuristics 3

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://childrensliteratureassembly.com/uploads/1/3/0/5/130588605/pefitevem_najipiko.pdf

  • http://joy-by-design.org/uploads/1/3/0/5/130588861/c8eb34257a3.pdf
  • http://thisislark.com/uploads/1/3/0/6/130604804/7197624.pdf
  • http://www.nomadicwellness.com/uploads/1/3/0/4/130494059/8815032.pdf
  • http://mta-sts.mail.yourchoicepettransport.com/uploads/1/3/0/7/130739060/f79b5a.pdf
  • http://nelslehtinen.com/uploads/1/3/0/5/130588457/vozinewojigi-rixofusokete.pdf
  • http://austincustomshop.com/uploads/1/3/0/8/130873802/xokeverufog-bukosilul-geparav-pexifinenunir.pdf
  • http://mayaarchaeology.net/uploads/1/3/0/8/130814234/binun-jemup-falevis.pdf
  • http://saferescuefordogs.com/uploads/1/3/0/6/130604508/sotutilelove.pdf
  • http://www.noon649.org/uploads/1/3/0/6/130604737/fagomekotojiriguvile.pdf
  • http://kreativekidsworld.com/uploads/1/3/0/4/130436006/130436006.html#ncert+8th+class+english+grammar+book+pdf
  • http://mta-sts.mail.yourchoicepettransport.com/u

Open this report in the interactive analyzer, or submit your own file for analysis.