Malicious PDF — malware analysis report

Heuristics 4

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
• Image-heavy PDF with invisible link to suspicious domain high PDF_SUSPICIOUS_LINK_LURE
  PDF is a small image-heavy lure with invisible link annotations that send the user to a suspicious high-risk-domain URI. This matches credential-phishing carriers where the visible document is only a prompt and the real collection flow happens on the linked website.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://tawafokeki.support-accounts.online/uploads/2020/01/28/4073430.pdf

  • http://telelistamg.com/uploads/2020/01/27/6833617.pdf
  • http://kenya-help.org/uploads/1/3/0/6/130603918/5571458.pdf
  • http://magnerproperties.com/uploads/1/3/0/4/130488114/detato.pdf
  • https://lukixoji.weebly.com/uploads/1/3/0/5/130539182/lilatojos-penoleliguxe-noletobewimok.pdf
  • http://michaelkenny.ie/uploads/1/3/0/6/130620747/a9392cbc.pdf
  • http://aprilcable.org/uploads/1/3/0/2/130289696/130289696.html#gta+chinatown+wars+cheats+android

Open this report in the interactive analyzer, or submit your own file for analysis.