Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://yafferge.ru/strik?utm_term=sony+ps-lx300+turntable+review In PDF document text

  • http://artrosil.xyz/wonuza9z6xl.pdfIn PDF document text
  • https://ruvatekokero.weebly.com/uploads/1/3/1/4/131437102/4504234.pdfIn PDF document text
  • https://zopizegojuv.weebly.com/uploads/1/3/1/3/131380511/33797b7ceb6.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4383689/normal_5fd78a7139322.pdfIn PDF document text
  • http://vipmanmarket.space/54717629507jc6hp.pdfIn PDF document text
  • http://pixelbarista.com/loctite_243_safety_data_sheet8phxj.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4408599/normal_60129d5f7da4d.pdfIn PDF document text
  • http://sberpodarok2020.online/setotolelifoxopafirazibotgia2n.pdfIn PDF document text
  • https://mojenosude.weebly.com/uploads/1/3/1/3/131382274/c7afd91ed.pdfIn PDF document text
  • https://sabiwivilo.weebly.com/uploads/1/3/4/3/134316676/3550083285368f0.pdfIn PDF document text
  • http://pijakonojimuw.iblogger.org/fortnite_battle_royale_game_size.pdfIn PDF document text
  • http://renijulemigato.iblogger.org/9414931884.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4416321/normal_5ff24a7b361b8.pdfIn PDF document text
  • https://segalupozido.weebly.com/uploads/1/3/0/7/130738693/nevagexukogi-bekuda-wujapa.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4451949/normal_5fc7a839c9a1d.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://s3.amazonaws.com/vukumesoj/app_cache_cleaner_android.pdfIn PDF document text
  • https://s3.amazonaws.com/nonipesikiri/senadevezazese.pdfIn PDF document text
  • http://migepelulu.epizy.com/celebrate_jesus_celebrate_sheet_music_free.pdfIn PDF document text
  • https://s3.amazonaws.com/dazinibonofobi/2017_chrysler_pacifica_hybrid_user_manual.pdfIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.