Malicious PDF — malware analysis report

Heuristics 3

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://ximepapiw.videolur.pro/uploads/2020/01/28/217631a3dd5330b.pdf

  • https://zevujiduro.weebly.com/uploads/1/3/0/5/130588789/nababubekuvi_lukorelafixokul_jesivo.pdf
  • http://bidetarat.filll.icu/uploads/2020/01/27/robifujijomitujam.pdf
  • https://xubokuxetonas.weebly.com/uploads/1/3/0/3/130313272/bebuzoxe.pdf
  • http://loot-ferm.pro/uploads/2020/01/28/08705b25.pdf
  • http://orangestreetgrocer.com/uploads/1/3/0/4/130478110/386d143cf86.pdf
  • http://boxuzog.mixglue.com/uploads/2020/01/27/ranuwopixot_xusowiri.pdf
  • https://penokone.weebly.com/uploads/1/3/0/5/130551564/debefox-surataforasonif-majojik.pdf
  • http://jajutuzu.esther-schreier.net/uploads/2020/01/29/2c713d2.pdf
  • https://watilubumu.weebly.com/uploads/1/3/0/5/130550921/2193894.pdf
  • https://zexupimifosirof.weebly.com/uploads/1/3/0/5/130543476/dac474ae4e3.pdf
  • http://scoreincph.org/uploads/1/3/0/6/130621119/130621119.html#bowflex+xtl+replacement+parts

Open this report in the interactive analyzer, or submit your own file for analysis.