Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://crophysi.ru/award?keyword=how+to+cook+waffle+maker In PDF document text

  • https://cdn.sqhk.co/vilubofi/i7whdij/bumosol.pdfIn PDF document text
  • https://cdn.sqhk.co/zimuteraf/hbVFlje/jirigawinirep.pdfIn PDF document text
  • http://bawagel.22web.org/quantitative_versus_qualitative_research_in_nursing.pdfIn PDF document text
  • https://cdn.sqhk.co/danajuva/hdjjlgj/wwe_undertaker_news_update.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4367287/normal_5fe534f4e257b.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4459479/normal_5ff1aeb6b3782.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4422637/normal_601d3081cc5e8.pdfIn PDF document text
  • https://cdn.sqhk.co/nawakema/jaLYpha/goladosukogefavisuvogefo.pdfIn PDF document text
  • https://cdn.sqhk.co/fupipevu/QqheEhi/28327372773.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4414691/normal_60088953f22b7.pdfIn PDF document text
  • http://tuzudidoxofusi.22web.org/15545836385.pdfIn PDF document text
  • https://cdn.sqhk.co/gukomoluda/jbq2nic/38829435414.pdfIn PDF document text
  • https://cdn.sqhk.co/fekerepusa/ghniOz7/mix_color_full_hd_wallpaper_download.pdfIn PDF document text
  • https://cdn.sqhk.co/ketifoseja/hd9hb2O/bidowiseluxaxirisonuz.pdfIn PDF document text
  • http://www.ascendercorp.com/In PDF document text
  • http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
  • http://fomupobidep.epizy.com/limalidimajapilolexadiju.pdfIn PDF document text
  • http://tefesapebeto.rf.gd/washington_state_unemployment_calculator.pdfIn PDF document text
  • http://tefabawamibane.epizy.com/adobe_photoshop_cs2_setup_file.pdfIn PDF document text
  • http://fakozavovenabe.rf.gd/razukelibu.pdfIn PDF document text
  • http://bogetozepopizir.rf.gd/67704542731.pdfIn PDF document text
  • http://zilamefuwata.rf.gd/java_swing_form_layout_example.pdfIn PDF document text
  • http://vidabovon.epizy.com/74774814790.pdfIn PDF document text
  • http://scripts.sil.org/OFLIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.