Malicious PDF — malware analysis report

Heuristics 5

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://pelibifir.ru/award?keyword=mariano+azuela+obras+pdf

  • https://cdn-cms.f-static.net/uploads/4421770/normal_5fd8dd09c3d15.pdf
  • https://cdn-cms.f-static.net/uploads/4459466/normal_60377f0c8619f.pdf
  • https://xogevowizixid.weebly.com/uploads/1/3/0/9/130969953/disizagorumagafe.pdf
  • http://xedeporib.medianewsonline.com/1970_ford_mustang_mach_1_428_cobra_jet_value.pdf
  • https://nebomigefut.weebly.com/uploads/1/3/4/3/134359696/dubusunalo_monidexo_gukibafop.pdf
  • https://pewarefat.weebly.com/uploads/1/3/4/3/134361746/xeguferesevosu_susamukikasiji_wunozeloxudosuj.pdf
  • http://paselon.getenjoyment.net/visoxubogusaruxugugeno.pdf
  • http://giwudogor.scienceontheweb.net/35673350484.pdf
  • http://vijevejumozugim.sportsontheweb.net/56599037651.pdf
  • https://muxupodijem.weebly.com/uploads/1/3/4/8/134885552/nutunatavokex.pdf
  • https://lejimawemo.weebly.com/uploads/1/3/0/7/130739028/d401e449f43d.pdf
  • http://naxuvazexipok.sportsontheweb.net/amelie_notes_piano.pdf
  • https://vukuzimina.weebly.com/uploads/1/3/4/1/134109202/3235531.pdf
  • https://nezozavigarej.weebly.com/uploads/1/3/4/7/134727028/1367551.pdf
  • https://cdn-cms.f-static.net/uploads/4450625/normal_604fe4f96ad4f.pdf
  • https://zagiwesojuju.weebly.com/uploads/1/3/2/7/132712322/35fcd885cd535.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • https://51956041-da35-40aa-96c1-085c1f47c80d.filesusr.com/ugd/e6e573_5491a65b713f4e2ba1272151cc7066d2.pdf?index=true
  • https://uploads.strikinglycdn.com/files/1ef96b98-eb4b-4519-97b2-95b9297e4754/42072826009.pdf
  • https://da5bec28-7969-4117-8ffb-5069fce5e80c.filesusr.com/ugd/31593d_a67ab5520a2343428f46f6b6a78355c8.pdf?index=true
  • https://uploads.strikinglycdn.com/files/f3baa952-a18b-4c43-be0a-dc973ec79fa2/3224418108.pdf
  • https://uploads.strikinglycdn.com/files/8ba8d41e-e89c-4b3e-be95-28212de6bebd/ms_word_table_of_contents_levels.pdf
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.