Malicious PDF — malware analysis report

Heuristics 4

• Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
• ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
• JavaScript action low PDF_JAVASCRIPT
  PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL http://villasdiamante.com.mx/uploads/1/3/0/4/130435633/3954752.pdf

  • http://noahsteinman.com/uploads/1/3/0/5/130551390/9667472.pdf
  • http://notariasociati.com/uploads/1/3/0/4/130476130/tafonoluvudajul.pdf
  • http://soulstarmassage.com/uploads/1/3/0/5/130542924/sofomikif.pdf
  • http://cordivanoapparel.com/uploads/1/3/0/4/130489997/eb6e89891bae.pdf
  • http://apslabgroup.com/uploads/1/3/0/5/130550891/geputizexeverimatan.pdf
  • http://jgregoryfilms.com/uploads/1/3/0/5/130590637/lewoxexixakuxilimeg.pdf
  • http://neurodesignlab.com/uploads/1/3/0/5/130539657/mavoledogekerem.pdf
  • http://nicolegoodrich.com/uploads/1/3/0/6/130604511/kusil_vivudagug_guviket.pdf
  • http://newrichmondoh.org/uploads/1/3/0/5/130551585/woroko.pdf
  • http://newperspectivemedical.com/uploads/1/3/0/6/130621838/130621838.html#indian+constitution+in+tamil+language+pdf

Open this report in the interactive analyzer, or submit your own file for analysis.