Malicious PDF — malware analysis report

Heuristics 5

• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
  PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 62 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://yafferge.ru/award?keyword=sql+server+dba+interview+questions+and+answers+for+experienced+pdf

  • https://fagezatev.weebly.com/uploads/1/3/4/7/134711774/tozomapob.pdf
  • https://pejejejepo.weebly.com/uploads/1/3/2/6/132682076/bolemis.pdf
  • https://static.s123-cdn-static.com/uploads/4470228/normal_5fef64b19d9b2.pdf
  • https://cdn-cms.f-static.net/uploads/4366660/normal_5fd1c4dde747e.pdf
  • https://static.s123-cdn-static.com/uploads/4387562/normal_5ff18ea85d851.pdf
  • https://static.s123-cdn-static.com/uploads/4383327/normal_6000e50a79eaa.pdf
  • https://bovikobugekut.weebly.com/uploads/1/3/0/7/130775803/c67ca4bae2308ca.pdf
  • https://static.s123-cdn-static.com/uploads/4381094/normal_5fcd1c3f0038d.pdf
  • https://s3.amazonaws.com/perurulexi/the_economist_21_july_2018.pdf
  • https://uploads.strikinglycdn.com/files/c3461f03-ddd1-4b2f-a612-67783f4ab9f1/apple_ipod_shuffle_charger_2nd_generation.pdf
  • https://s3.amazonaws.com/wovitiku/takederobafeba.pdf
  • https://s3.amazonaws.com/vipinib/british_thoracic_society_guidelines_childhood_asthma.pdf
  • https://s3.amazonaws.com/tudawufed/girlfriends_guide_to_divorce_max_season_4.pdf
  • https://s3.amazonaws.com/feliso/jai_shri_ram_bajrang_bali_song.pdf
  • https://s3.amazonaws.com/donarepemi/moment_of_inertia_uniform_solid_cylinder.pdf
  • https://uploads.strikinglycdn.com/files/7770bce8-deb6-4410-bab1-68bb41bd766a/samit.pdf
  • https://s3.amazonaws.com/jejulurowev/scheduled_caste_certificate_form.pdf
  • https://s3.amazonaws.com/pusolefosex/lodugimelu.pdf
  • https://s3.amazonaws.com/gowebabuxogiro/73211628257.pdf
  • https://uploads.strikinglycdn.com/files/0868c5c4-4d57-4eb8-ac36-0d8742f7055a/karl_marx_le_capital_livre_2.pdf
  • https://s3.amazonaws.com/dakebesuvum/4th_grade_math_review_worksheets.pdf
  • https://s3.amazonaws.com/wujanozo/free_web_design_brochure_template.pdf
  • https://uploads.strikinglycdn.com/files/5ef3a3e6-e65e-4fc6-bb90-e8d19d128746/fibakokizulaxetoguvod.pdf
  • https://s3.amazonaws.com/sojaxub/goop_christmas_gift_guide.pdf

Open this report in the interactive analyzer, or submit your own file for analysis.