Malicious PDF — malware analysis report

Heuristics 5

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://baarspo.ru/aws?utm_term=hoover+windtunnel+3+high+performance+manual PDF link annotation

  • http://nupewijanetari.medianewsonline.com/what_does_new_wine_signify_in_the_bible.pdfIn PDF document text
  • http://lebojabufi.medianewsonline.com/81605088269.pdfIn PDF document text
  • http://zafenoro.scienceontheweb.net/czasy_teraniejsze_i_przesze_angielski.pdfIn PDF document text
  • http://maritimog.medianewsonline.com/86070775899.pdfIn PDF document text
  • https://cdn.sqhk.co/fijiwomeza/5jdjdii/despacito_violin_sheet_music.pdfIn PDF document text
  • https://cdn.sqhk.co/romekeka/gegjcGk/riwufe.pdfIn PDF document text
  • https://cdn.sqhk.co/fezifenax/jiaggjf/86442586170.pdfIn PDF document text
  • http://kekebum.22web.org/lanebupuj.pdfIn PDF document text
  • https://cdn.sqhk.co/texivewa/bRWVdii/87709271998.pdfIn PDF document text
  • https://cdn.sqhk.co/lupekute/jiHiPji/zombie_gunship_survival_hack_android.pdfIn PDF document text
  • https://gajegebukorivip.weebly.com/uploads/1/3/4/4/134487765/7471787.pdfIn PDF document text
  • https://papukelub.weebly.com/uploads/1/3/4/6/134666119/9120778.pdfIn PDF document text
  • https://jusodizepo.weebly.com/uploads/1/3/1/0/131070216/138317.pdfIn PDF document text
  • https://dopilefuma.weebly.com/uploads/1/3/4/7/134733068/rusolapevipujor-pefot-newuv.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://morupazi.epizy.com/40_mcq_answer_sheet.pdfIn PDF document text
  • https://3b9c8e93-52ab-41e8-96f8-e5fc639bf6fa.filesusr.com/ugd/fe3ccd_259031b6887044c0a3056d9cc3d680d9.pdf?index=trueIn PDF document text
  • https://uploads.strikinglycdn.com/files/3ecdcc6b-d495-49be-8e18-2f58911c43e0/healthy_indian_vegetarian_food_recipes.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/2da4c74c-c44a-40d4-b587-b0d495126e82/john_deere_48_mower_deck_parts.pdfIn PDF document text
  • https://37cc4ef3-276f-49d0-84f3-8bc08bbde6a9.filesusr.com/ugd/e4a5d4_5b10e3573b1143499074cce4ffd96c5f.pdf?index=trueIn PDF document text
  • http://rujosaru.rf.gd/28570699320.pdfIn PDF document text
  • http://wuparol.epizy.com/xovedego.pdfIn PDF document text
  • https://92fbd7ca-8480-4723-bb2c-19523f9dca15.filesusr.com/ugd/29946e_74d3eae09dd64b63aa69147ca2fc7efa.pdf?index=trueIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.