Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
• Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
• External URI info PDF_URI
  PDF contains an external URL action
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://garglob.ru/pbw?utm_term=create+intro+minecraft PDF link annotation

  • https://cdn-cms.f-static.net/uploads/4387037/normal_605a6c9e9971d.pdfIn PDF document text
  • https://static.s123-cdn-static-d.com/uploads/4455916/normal_60b65c8ebe375.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4477137/normal_6003989d95066.pdfIn PDF document text
  • https://static.s123-cdn-static.com/uploads/4427076/normal_5fefc6e7a1042.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4367960/normal_602687bc2f571.pdfIn PDF document text
  • https://cdn-cms.f-static.net/uploads/4386349/normal_6027611d2ee52.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/7543e695-309d-4406-a3a2-aa412c37d285/whats_a_highly_sensitive_person.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d1c096d5-6e2d-48ce-901f-1ab26c2d1191/93549648953.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/616bb845-a3e7-4abe-8e4f-4ca786964911/7419196529.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a4ff5d12-275b-4e80-a440-ac66903bb21b/77053018330.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/a9be94fb-fb22-467f-8783-21815be1ab93/60459373473.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/7d4b4074-3a5d-498f-b66c-0c33f1702766/30049994317.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/e66e6c3b-de4e-4abf-ac1f-c86dedb83a77/how_to_write_your_own_exercise_plan.pdfIn PDF document text
  • http://lijegazoz.pbworks.com/f/tiponemekipurusikiviseb.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/92d1231c-4aba-489e-bee4-dd5fc368c813/5121329602.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/fad975d7-dcfe-4574-82bc-ec27ac017e39/34372308765.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/d61c3e44-0518-44f3-b80c-466c82561312/international_maxxforce_9_oil_capacity.pdfIn PDF document text
  • http://jadubunid.pbworks.com/w/file/fetch/144637599/vishnu_sahasranamam_lyrics_in_hindi_by_anuradha_paudwal.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/bf128394-06cf-4b56-9373-f0c245b6957b/lefudo.pdfIn PDF document text
  • https://uploads.strikinglycdn.com/files/f32dc549-2d6f-4413-9c9a-a6d3ba0f36cc/mibagabododisoromutem.pdfIn PDF document text
  • http://veputuvus.pbworks.com/w/file/fetch/144758496/25719981440.pdfIn PDF document text
  • http://vomuseteweto.pbworks.com/f/merkezi_eilim_ve_dalm_lleri_tyt.pdfIn PDF document text
  • http://zejokij.pbworks.com/f/how_to_excel_in_capsim.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.