Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://crophysi.ru/wix?keyword=ut+tom+black+track In PDF document text

  • http://magazinrf.xyz/xolefegopapozinemkhc.pdfIn PDF document text
  • http://familyit.pro/jingle_bells_bass_guitar_sheet_musicygyr8.pdfIn PDF document text
  • https://malafusid.weebly.com/uploads/1/3/2/8/132815748/gogirosopateg.pdfIn PDF document text
  • https://rosujukasawi.weebly.com/uploads/1/3/5/3/135301647/8078214.pdfIn PDF document text
  • https://xevulesej.weebly.com/uploads/1/3/0/8/130874496/1423778.pdfIn PDF document text
  • http://fb-ig-copyright.com/68493967721xe7w8.pdfIn PDF document text
  • http://orbitan.fun/william_faulkner_a_rose_for_emily1pjfr.pdfIn PDF document text
  • http://kraftmann.su/mesa_boogie_dual_rectifier_head8h2q6.pdfIn PDF document text
  • http://interbank.link/zufalabllrxo.pdfIn PDF document text
  • http://simkosa.website/3798803965587u6y.pdfIn PDF document text
  • http://prodit.space/28362098778i99tl.pdfIn PDF document text
  • https://funugunuxu.weebly.com/uploads/1/3/4/3/134384448/ed78730db.pdfIn PDF document text
  • http://bbflowers.net/43963492613wu2pt.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • https://uploads.strikinglycdn.com/files/6967a440-37a6-4826-aacd-30443ec0ad4e/sibar.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/b1be4417-e8b5-4ac3-af4b-a87ecff03dee/ingersoll_rand_ssr-ep150_parts.pdfIn PDF document text
  • https://f85e9a30-dbb9-40fd-a66d-53bd7daafe07.filesusr.com/ugd/1b9faa_20a6e91f2e65445f83d398392c90c267.pdf?index=trueIn PDF document text
  • https://e924225a-aa46-4bfc-8e56-7341551e1833.filesusr.com/ugd/54dfea_72a47abc47df4779bc9cfd9bbdb0662a.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/915421d3-3bd7-40e2-9a77-71647179e7b1/53850013477.pdfIn PDF document text
  • http://dapizodipe.myartsonline.com/luvevojerevizepum.pdfIn PDF document text
  • http://tososite.onlinewebshop.net/how_to_fix_a_craftsman_air_compressor.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/84585541-535b-41e1-b450-0f3712deb820/83523435740.pdfIn PDF document text
  • https://35479656-6a94-44d6-ac55-da507c14a2ae.filesusr.com/ugd/d68318_3b09d08439b84165b5d8ea21163de079.pdf?index=trueIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.